iOS 16’s Automatic Verification Feature Can Securely Bypass CAPTCHA

iOS 16’s Automatic Verification Feature Can Securely Bypass CAPTCHA

While CAPTCHA is a good way to prevent bots from entering a site or app, it does produce a bit of friction in the user experience. As a solution to this issue, Apple has introduced a new feature in iOS 16 called ‘Automatic Verification’ that will securely sign in to websites and apps without needing user input.

The technology behind this feature is called ‘Private Access Tokens’, and support for it was recently announced by Cloudflare and Fastly. It enables HTTP requests to be authenticated from legitimate devices in a secure way, without revealing private or personal information.

In iOS 16, the Automatic Verification feature uses Private Access Token to make the verification process seamless. Basically, the device and the Apple ID will get verified in the background through this token, and it can be used for signing in, for creating accounts, etc.

The feature can be found in Settings → Apple ID → Passwords and Security → Automatic Verification. In iOS 16, the feature will be enabled by default, and Apple says that it will soon be supported on macOS Ventura too.

Source