In the iOS 16 beta, Apple implemented a feature that allows you to bypass CAPTCHAs, those pesky verification tools to ensure you’re not a bot. If you have an iPhone, you’ll soon be able to create an account on certain sites and apps much more easily with this iOS 16 feature known as Automatic Verification.
Are you a recently sentient Googlebot, an Android from the future come to infiltrate humanity, or are you just tired of having to select every image containing a fire hydrant to authenticate yourself? Apple has just introduced a feature in iOS 16 called Auto Check.
This option, available by default in early iOS 16 betas, can be found in Settings > Apple ID > Passwords & Security. Specifically, by enabling the auto-verify feature, iCloud will automatically (and securely, we might add) verify your Apple ID and device in the background, saving you from having to fill out a Captcha when authenticating a website or an app.
Apple explains how this feature is supposed to work in the explainer video below.
Private Access Tokens for a more intuitive yet accessible user experience
This feature from Apple is based on what the firm dubs Private Access Tokens. Apple begins by explaining that if you’ve logged into a site, it’s because you’ve already had to unlock your iPhone with a password or Face ID. This also means you have an Apple account that you’re logged into on your iPhone, and you’ve launched an app, Safari, to access said site.
So many actions are unlikely to have been performed by a bot and can already inform a site about the human nature of the user trying to access it, making the use of a Captcha irrelevant. The Private Access Token would therefore be a kind of virtual trust badge that informs sites that you are not a bot, but a human.
The server of a site or an application can then inquire your iPhone for these virtual badges. These badges are in no way directly linked to your personal data and do not track you even if you use the same site several times.
It is simply Apple telling the site “Ok, trust me, I scanned his face or I know his Apple ID, he is a good guy”. This exchange of requests and token transmission is performed according to a protocol recognized by the IETF (Internet Engineering Task Force, an Internet standardization body).
Eventually, Apple’s idea is not only to make the user experience more intuitive and fluid, but also to make it more accessible, as Captchas can be a hindrance for some users.
This new feature will be available on all iOS 16 devices, but also on Macs running macOS Ventura. Some industry players like Cloudfare or Fastly have already announced support for these Private Access Tokens from Apple. The number of compatible sites and applications will therefore already be very large once iOS 16 is officially launched next September.
What do you think about this feature from Apple? Do you think it is as secure as Captchas? Are Captchas a real obstacle to your everyday user experience?