iOS 16 Allow Users Skip Some CAPTCHAs – Private Access Tokens

The upcoming iOS 16 would Allow Users to Skip Some CAPTCHAs to make accessing web pages a lot faster. A new system is being introduced for iPhones And MacOS hardware that would aid them in bypassing the CAPTCHA challenge that a lot of webpages rely on for ensuring that the user visiting the site is human and is not a bot.

iOS 16 Allow Users Skip Some CAPTCHAs

That respite from the CAPTCHA annoyance is labeled as the Private Access Token. Apple would be enabling this feature as the partner with Cloudflare and fastly.

iOS 16 Allows Users to Skip Some CAPTCHAs

A private access token is essentially a cryptographic token that works really well for browsers and API that is summoned by browsers and apps.

Built-in collaboration with the likes of Apple and Google, the convenience involved in bypassing the CAPTCHA challenge using these tokens would soon be made available on the iOS 16 and the MacOS Ventura, while more vendors would be taking part in it soon.

Aside from bringing the hassle to an end and easing things around for people with disabilities, private Access tokens are also said to be more secure.

iOS 16 CAPTCHA Service Provider

When users decide to surf the web, both the website and the CAPTCHA service provider would be offered access to the information which includes visited URLs, IP addresses, device information, interaction data, and even other websites that users might have looked up. This token system places a limit on that.

The entire process involved in requesting and generating a token, passing, and validating occurs without the user or the visited website knowing anything concerning it. “No one entity would be able to link client identity to the activity of the website. And this would authorize access to a website – All while eliminating human interactions,” says fastly.


The idea behind this is if a user is trying to sign in on a webpage, that they already have a device like an iPhone, iPad, or Mac, meaning that they have already gone through a more stringent security protocol which includes Face ID or Touch ID.

Plus, the Apple ID has already been signed in on the device that allows Safari to visit the webpage that you want to. The main objective behind the private access token is to allow the servers to avoid CAPTCHA, without allowing the servers to track the identity the servers.

Private Access Tokens

The entire token system involved in bypassing the CAPTCHA Verification process mainly relies on the new HTTP authentication layer and RSA blind tokens that throw in Cryptographic protocols for extra security. For all those that are reliant on Google’s Chrome browser instead of Safari, Private Access Tokens wants to achieve what Chrome Trust Tokens is looking to get.

Another aspect that is important here is that the system would send authentication tokens when an app is running in the foreground. Throughout the whole process, the Apple ID that has been signed in on the device would not be shared by any of the parties that are involved. When it comes to the required tokens to bypass the Captcha challenge and verify that the client is not a bot, they would be made accessible to apps that are using WebKit and URL Session systems.


Please enter your comment!
Please enter your name here