The new featured, called Automatic Verification, will allow Apple users to bypass CAPTCHAs in iOS 16 and macOS Ventura on sites where the token issuer (also referred to as a CDN) is Fastly or Cloudflare. These two CDNs have been working with Apple and Google to develop the Privacy Pass protocol (opens in new tab), which ensures that user data is kept anonymous during the token verification process. Automatic Verification is already available in the iOS 16, iPadOS 16 and macOS Ventura betas, which are currently in the hands of developers ahead of public beta releases in July. The new feature works with more than 100 servers, so iPhone, iPad and Mac users running those betas can already test Automatic Verification on a variety of sites. Additional CDNs will be able to register with Apple later this year, presumably once both operating systems go live.
Automatic Verification: What are CAPTCHAs?
If you have ever come across a web page that asks you “Select all images with fire hydrants,” then you have interacted with a CAPTCHA. The same thing goes with any boxes that ask you to “type the characters above” or want you to simply click “I’m not a robot.” These security features are meant to ensure bots are kept off-site, which improves the security and user experience for human users.
Automatic Verification: How are Private Access Tokens different from CAPTCHAs?
Like with CAPTCHAs, Private Access Tokens are a method used to confirm that a user is human when browsing a site. Unlike a CAPTCHA, this process all takes place behind the scenes. This is because the user will have already logged into iCloud on their Apple device and therefore proven that they are human; Automatic Verification communicates with the token issuer to attest to that fact.
Automatic Verification: What are the benefits?
Tommy Pauly from Apple (opens in new tab) says in a WWDC 2022 video that Automatic Verification will “Save a lot of people a lot of time.” Given that Cloudflare (opens in new tab) says CAPTCHAs currently waste 500 human years per day of internet users’ time, it is tough to argue with that statement. Additionally, CAPTCHAs are not particularly accessible. Those with disabilities and who do not speak English can struggle to pass CAPTCHAs so Private Access Tokens eliminate barriers for those people. However, the real benefit could come from the snowball effect this has as more token issuers register with Apple to be able to accept Private Access Tokens. Apple says that each approved token issuer needs to work with hundreds of servers. This means as more token providers elect to use Private Access Tokens, whole chunks of the internet will start to work with Automatic Verification at once. Additionally, these tokens have been designed in concert with Google, so this feature may come to Android as well in the near future.
Automatic Verification: How to enable it
Right now, only users running a developer beta of iOS 16, iPadOS 16 or macOS Ventura can turn on Automatic Verification. However, the steps are reportedly very simple. Users just need to go to the Settings app and go to the Apple ID section. Once there, select Password & Security and toggle to turn on Automatic Verification.