You know those annoying gatekeepers that make you prove you’re a human? Picking out pictures of traffic lights or bridges, or deciphering letters and numbers out of squiggly lines? The internet calls those CAPTCHA verifications, and Apple is about to make them a thing of the past. A new feature in iOS 16 and macOS Ventura will allow you to bypass that pesky CAPTCHA with a PAT, or Private Access Token.
Introducing PAT, the Private Access Token
Apple recently shared a video outlining the technical details of a new feature built into iOS and iPadOS 16, as well as macOS Ventura. Apple calls the technology the Private Access Token, or PAT. The new system verifies your device and Apple ID are in good standing. This means it’s unaffected by scripts or bots that might try to bypass a website’s or app’s security checks.
This means when you sign in or register for an account on a website or app that supports PAT, you won’t get slowed down by one of those annoying CAPTCHA puzzles. This could be a welcome change, since some estimates suggest we each see a CAPTCHA at least once every 10 days.
The Cupertino-based company describes the tokens as “a powerful alternative that help you identify HTTP requests from legitimate devices and people without compromising their identity or personal information.”
Apple’s produced the video primarily for web and app developers. It describes what the security measure does and how developers can integrate support for Private Access Tokens. Several major CAPTCHA providers have already announced support for the feature.
PAT Eliminates the Need for CAPTCHAs
While the need for CAPTCHA-like technology is still strong, PAT eliminates the need for those specific tools. Apple points out that current CAPTCHA technology can present a barrier for those with disabilities or language barriers. Private Access Tokens use RSA blind signatures to ensure servers your device and Apple ID are in good standing. This means you won’t need to solve a CAPTCHA to prove you’re a human.
Apple also cites privacy concerns surrounding CAPTCHA technology. The system often depends on tracking or fingerprinting clients using IP address, something many folks would prefer not to share. Private Access Tokens work without giving that information to the server, increasing your privacy.
Both Cloudflare and Fastly, major platforms powering CAPTCHA verification, have already announced PAT support. This means when iOS 16 releases in the fall, millions of apps and websites should already allow you to use that technology instead of the squiggly lines and traffic lights. The current iOS 16 beta enables the feature by default, but you can always turn it off from Settings > Apple ID > Password & Security > Automatic Verification.