
iOS 16’s game-changing CAPTCHA bypass is about to get even better

Updated 2 months ago
Published Sep 29th, 2022 3:54PM EDT
Apple iPhone 14 Pro
Image: Apple

The Completely Automated Public Turing test to tell Computers and Humans Apart is one of the internet’s most annoying features. You know it as CAPTCHA, the feature that forces you to identify yourself as a human before proceeding with a login. It’s a smart security feature, but that doesn’t make it any less annoying. Now that iOS 16 is available on iPhone, you can bypass most CAPTCHA systems that will come your way. And the good news is the feature will be available on more services soon.

How to bypass CAPTCHA in iOS 16

We told you about iOS 16’s brilliant CAPTCHA bypass in June when the first beta releases hit iPhones.

It’s a feature that’s quite easy to set up and forget about. Even better, it should be enabled by default on your iPhone.

If you don’t know whether it’s enabled on your iPhone, make sure you install iOS 16 and then head over to the Settings app. Tap your name to enter the iCloud settings and look for the Password & Security menu.

In there, you’ll want to enable the Automatic Verification option. That’s the actual CAPTCHA bypass that comes with iOS 16. Here’s how Apple describes it on iPhone:

Bypass CAPTCHAs in apps and on the web by allowing iCloud to automatically and privately verify your device and account.

Enhanced privacy is another big win of Apple’s CAPTCHA verification system.

iOS 16’s CAPTCHA bypass feature. Image source: Chris Smith, BGR

More websites to support the feature

As easy as it might be to bypass CAPTCHAs in iOS 16, enabling the feature isn’t enough to dispose of all those CAPTCHA checks. Websites and apps need to support Private Access Tokens for the feature to work.

Thankfully, Cloudflare just announced a free API for companies so their websites and apps can eliminate CAPTCHAs on devices that have built-in features like the iOS 16 Automatic Verification. Here’s how it’ll work:

Private Access Tokens are built directly into Turnstile. While Turnstile has to look at some session data (like headers, user agent, and browser characteristics) to validate users without challenging them, Private Access Tokens allow us to minimize data collection by asking Apple to validate the device for us. In addition, Turnstile never looks for cookies (like a login cookie), or uses cookies to collect or store information of any kind. Cloudflare has a long track record of investing in user privacy, which we will continue with Turnstile.

The best part about it is that it’s free to use for any website owner, not just Cloudflare customers. Cloudflare also stresses the privacy aspect of CAPTCHA systems and its commitment to user privacy.

Apple’s CAPTCHA bypass in iOS 16 resulted from a collaboration with Cloudflare. The feature will also be available in iPadOS 16 and macOS Ventura later this year when the two operating systems arrive.



Chris Smith Senior Writer
