How to Automatically Bypass Annoying CAPTCHAs for Apps and Websites on Your iPhone, iPad, or Mac « iOS & iPhone :: Gadget Hacks

If you hate matching images or typing letters for CAPTCHA human verification, you’ll love Apple’s newest iOS, iPadOS, and macOS software updates.

Generally, CAPTCHAs can be a massive nightmare on mobile devices. Websites use them for security purposes: to detect bots, stop active denial-of-service attacks, and otherwise protect their servers. But they end up annoying their users.

  • It slows the user experience down, adding another step to log in or complete a task. Cloudflare estimates that it takes an average of 32 seconds for a user to complete a CAPTCHA challenge.
  • You can get bad images that make it hard to match boats, traffic lights, bicycles, or whatever it’s asking for.
  • Words may be jumbled in a way that makes a letter impossible to get right.
  • Rendering the data it needs to work consumes excess bandwidth.
  • It does not work well with users that have accessibility issues.
  • It may be tracking your IP address and other private data.

In the new iOS 16, iPadOS 16, and macOS 13 Ventura updates, Apple has implemented a new security feature that bypasses CAPTCHA verification. It does this using iCloud and Private Access Tokens (PATs) to verify that the HTTP requests are coming from your device. As a bonus, it will not disclose your identity or share private data like IP addresses.

CAPTCHA in iOS 15 (left) vs. Private Access Tokens in iOS 16 (right). Image via Apple

To implement PATs on a website or app, its servers must have the hostname and public key for a trusted token issuer, which can be a content delivery network (CDN) like Cloudflare or Fastly, a web hosting provider, or a CAPTCHA provider. Fastly notes that site owners need to enable PATs, but it’s automatic for Cloudflare customers.

That info is then sent to users as a “PrivateToken” challenge. This new HTTP authentication scheme uses RSA Blind Signatures to cryptographically confirm to the server that your device passes an attestation check.

These signatures are ‘unlinkable,’ which means that servers that receive tokens can only check that they are valid, but they cannot discover client identities or recognize clients over time.
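The blind-signature exchange described above, as an added example that is not code from Apple, Cloudflare, or Fastly. It uses textbook RSA over a SHA-256 digest instead of the padded encoding a real deployment uses; the key is a constructed toy key, and all function names and the sample token input are assumptions made for illustration.

```python
import hashlib, secrets
from math import gcd

# Constructed toy key built from two well-known Mersenne primes: NOT secure, demo only.
P, Q = 2**521 - 1, 2**607 - 1
N, E = P * Q, 65537
D = pow(E, -1, (P - 1) * (Q - 1))   # issuer's private exponent

def digest(token_input: bytes) -> int:
    """Hash the token input to an integer below N (simplification: no padding)."""
    return int.from_bytes(hashlib.sha256(token_input).digest(), "big")

def client_blind(token_input: bytes):
    """Client: hide the digest behind a random factor r before sending it."""
    while True:
        r = secrets.randbelow(N - 2) + 2
        if gcd(r, N) == 1:
            break
    return digest(token_input) * pow(r, E, N) % N, r

def issuer_sign(blinded: int) -> int:
    """Issuer: sign once attestation passes; it never sees the final token."""
    return pow(blinded, D, N)

def client_unblind(blind_sig: int, r: int) -> int:
    """Client: strip r to get an ordinary RSA signature over the digest."""
    return blind_sig * pow(r, -1, N) % N

def origin_verify(token_input: bytes, sig: int) -> bool:
    """Origin: check the token with only the issuer's public key (N, E)."""
    return pow(sig, E, N) == digest(token_input)

def blinding_factor_for(blinded: int, token_input: bytes) -> int:
    """Demo only: the r that would tie `blinded` to this token. One exists for
    every pair, so the issuer's records cannot single out the matching request."""
    return pow(blinded * pow(digest(token_input), -1, N) % N, D, N)

def run_exchange(token_input: bytes):
    """Full round trip; returns what the issuer saw and what the origin receives."""
    blinded, r = client_blind(token_input)
    return blinded, client_unblind(issuer_sign(blinded), r)

if __name__ == "__main__":
    token_input = b"constructed-challenge-nonce"   # constructed sample input
    blinded, sig = run_exchange(token_input)
    print("issuer saw :", hex(blinded)[:34], "...")
    print("origin saw :", hex(sig)[:34], "... valid:", origin_verify(token_input, sig))
```

Because `blinding_factor_for` succeeds for any blinded value paired with any token, the issuer's view and the origin's view carry no shared information that links a token back to the request that produced it.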

Private Access Tokens are not strictly for Apple devices, as they are part of a broader authentication standard called Privacy Pass, which is being developed by an Internet Engineering Task Force (IETF) working group that includes Apple and Google. Currently, Cloudflare and Fastly are the only CDNs Apple has worked with, but it is working with other companies on wider implementation across the web.

Apple’s iOS 16, iPadOS 16, and macOS 13 software is currently in beta, but you can join the beta if you want to test out this new feature — along with a bunch of other new features. You may experience bugs, decreased battery life, and other glitches when running a beta, but you can always downgrade if necessary.

The feature is enabled by default, but you can double-check to ensure it’s enabled. On iOS and iPadOS 16, visit Settings –> [Your Name] –> Password & Security –> Automatic Verification. On macOS 13, go to Preferences –> Apple ID –> Password & Security –> Automatic Verification.
