Bypass CAPTCHA in Safari on iOS.
Image: Apple

CAPTCHAs can be quite annoying when you just want to try to create a new account or log in to a website. They do serve a security purpose, but they are very rudimentary when it comes to security solutions. Apple hopes to solve the friction of CAPTCHAs with a new feature in iOS 16.1; this feature, called Automatic Verification, will allow websites to verify you’re logging in from a real device and are not a bot but without the manual process that comes with CAPTCHAs. Apple’s solution uses your iCloud account and a service Apple runs to issue a secure token to the website to verify you’re a real person.

While website support for Automatic Verification is still rolling out, I’ll show you how to enable it so that when you encounter a website that does offer support, you will get in quicker and without the inconvenience of solving a CAPTCHA test.

This feature is available in iOS 16.1 and can be turned on for Safari by following these steps:

  1. Open Settings.
  2. Tap on your name in the top banner and then select Password & Security.
  3. Scroll down to Automatic Verification and enable the toggle for this option (Figure A).

Figure A

Bypassing captcha through the Password & Security settings of your iPhone with iOS 16.1.
CAPTCHAs can be annoying, but Apple hopes to solve that with a simple checkbox and iCloud magic.

This feature is supported in iOS 16.1 and later versions and can be turned on using the steps outlined above. Once enabled, instead of needing to complete a CAPTCHA to log in or create an account on a website, Automatic Verification contacts a secure iCloud server and verifies both your device and your Apple ID account. After verification, a private access token is relayed to the website you’re attempting to interact with to prove you’re a real user.

You can also enable this feature in iPadOS 16.1 or later or macOS Ventura or later. Both of these use the same steps, except macOS Ventura goes through the System Settings app via Apple menu | System Settings.

Apple has security top of mind when it comes to this feature, too: Apple doesn’t know what website you’re attempting to access, and the website you’re entering cannot access your Apple account at any time. The token only tells the website if your device has passed the test and cannot relay information about your device or Apple account.

This feature only works on websites that support the automatic CAPTCHA verification system, so you might still get CAPTCHA puzzles occasionally, but a growing list of websites are now supporting this system to verify real users more effectively. You can read more about the system and how it works, as well as the security of the Automatic Verification feature, on Apple’s support note.

Subscribe to the Cybersecurity Insider Newsletter

Strengthen your organization's IT security defenses by keeping abreast of the latest cybersecurity news, solutions, and best practices. Delivered Tuesdays and Thursdays

Subscribe to the Cybersecurity Insider Newsletter

Strengthen your organization's IT security defenses by keeping abreast of the latest cybersecurity news, solutions, and best practices. Delivered Tuesdays and Thursdays