Once the next iOS operating system gets rolled out, Apple users may never need to identify a boat again, thanks to a new security feature. Apple has found a way to eliminate the need for CAPTCHA authentication.
We’ve all encountered CAPTCHAs – an acronym for “Completely Automated Public Turing test to tell Computers and Humans Apart”. In order to weed out bots, CAPTCHAs ask users to prove that they are real humans by typing in the number or letters presented in an image, or by selecting the images in a given set that contain a certain object, such as a boat.
It’s a useful security tool, but it’s a high-friction one that can seriously disrupt the user experience. Many simply find these exercises annoying.
Apple’s solution, revealed at the company’s recent Worldwide Developers Conference, would use the company’s iCloud platform to bypass CAPTCHAs on the web and in apps. It would do so using Private Access Tokens, or PATs: essentially, a server would ask an Apple device for a token using the HTTP PrivateToken authentication method, and iCloud’s attestor system would respond by getting a certificate from the device’s Secure Enclave and passing it along.
The requesting server would not receive any particular information about the end user, but would instead trust Apple’s attestor that it really is a bona fide human at the other end.
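The server side of that exchange, as an added example that is not code from Apple or from the article: it builds and strictly parses a `WWW-Authenticate: PrivateToken` challenge using the field layout from the IETF Privacy Pass HTTP authentication scheme (RFC 9577). The hostnames and the key bytes are constructed placeholders.

```python
import base64
import struct

TOKEN_TYPE_BLIND_RSA = 0x0002  # publicly verifiable token type (RFC 9578)

def _b64d(text: str) -> bytes:
    # Tolerate missing padding from lenient senders.
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def build_challenge(issuer: str, origin: str, context: bytes = b"") -> bytes:
    """Serialize TokenChallenge: type, issuer_name, redemption_context, origin_info."""
    if not issuer or len(context) not in (0, 32):
        raise ValueError("issuer required; context must be empty or 32 bytes")
    i, o = issuer.encode(), origin.encode()
    return (struct.pack("!HH", TOKEN_TYPE_BLIND_RSA, len(i)) + i
            + bytes([len(context)]) + context
            + struct.pack("!H", len(o)) + o)

def www_authenticate(challenge: bytes, token_key: bytes) -> str:
    """Header value a server sends with a 401 in place of a CAPTCHA page."""
    enc = lambda b: base64.urlsafe_b64encode(b).decode()
    return f'PrivateToken challenge="{enc(challenge)}", token-key="{enc(token_key)}"'

def parse_challenge(raw: bytes) -> dict:
    """Strictly parse a TokenChallenge; reject truncated or over-long input."""
    try:
        token_type, n = struct.unpack_from("!HH", raw, 0)
        pos = 4
        issuer, pos = raw[pos:pos + n], pos + n
        clen = raw[pos]
        context, pos = raw[pos + 1:pos + 1 + clen], pos + 1 + clen
        (olen,) = struct.unpack_from("!H", raw, pos)
        origin, pos = raw[pos + 2:pos + 2 + olen], pos + 2 + olen
    except (struct.error, IndexError) as exc:
        raise ValueError("truncated TokenChallenge") from exc
    if pos != len(raw) or n == 0 or clen not in (0, 32):
        raise ValueError("malformed TokenChallenge")
    return {"token_type": token_type, "issuer": issuer.decode(),
            "context": context, "origin": origin.decode()}

def parse_header(value: str) -> dict:
    """Split the header into its parameters and decode the challenge."""
    scheme, _, params = value.partition(" ")
    if scheme != "PrivateToken":
        raise ValueError("not a PrivateToken challenge")
    fields = {k.strip(): v.strip('"') for k, _, v in
              (p.partition("=") for p in params.split(", "))}
    return {**parse_challenge(_b64d(fields["challenge"])),
            "token_key": _b64d(fields["token-key"])}
```

The challenge names only the issuer and the origin, which matches the article's point that nothing identifying the end user travels between the site and the device.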
The solution further illustrates Apple’s focus on sophisticated, user-friendly security solutions for its users, arriving alongside the company’s announcement of its trailblazing Passkeys solution at the same WWDC event. Passkeys are designed to store a unique code for each of a user’s online accounts on their device, which can be unlocked using Apple’s biometric authentication systems. They’re highly secure, yet can deliver a better user experience by eliminating the need to enter passwords when accessing online accounts, instead replacing them with face- or fingerprint-based login mechanisms.
These efforts may hint at a more collaborative approach to digital security on Apple’s part. The company has generally been known for keeping a closed, tightly controlled ecosystem, but was recently roped into a commitment to work with rivals Microsoft and Google on the development of standards for interoperable passwordless login methods in partnership with the FIDO Alliance and the World Wide Web Consortium. Apple framed its Passkeys solution as a part of that effort, and it’s now working to make Private Access Tokens a web standard as well, according to AppleInsider.
None of these features are widely available yet, of course. The Passkeys and CAPTCHA bypass solutions were unveiled at WWDC, but won’t be rolled out to most Apple customers until the launch of iOS 16 and macOS Ventura, anticipated for later this year.
Sources: TechCrunch, AppleInsider