Apple’s new security tech, called Private Access Token or PAT, is now expected to replace the current CAPTCHAs. But is it really more efficient?
During the Apple WWDC (Worldwide Developers Conference) 2022, the giant iPhone maker revealed its new security tech called the Private Access Token (PAT). The tech giant claimed that PAT can actually replace the current CAPTCHAs, which are used by many mainstream websites.
Apple’s Private Access Tokens (PAT) can verify whether an HTTP request is made by a human or a bot. CAPTCHAs are the most used type of authentication, but they take a long time for a human to solve.
They begin with selecting the “I am not a robot” checkbox. These challenges are inconvenient: reading distorted words, detecting things in an image, and sliding a jigsaw piece. Experts also said that these tools are less efficient compared to Apple’s new security token.
Apple PAT’s Efficiency
In the background, the new Apple Private Access Token authenticates an HTTP request. Users won’t notice a difference, and cloud providers like Cloudflare and Fastly have already implemented the technique.
Using a new HTTP authentication method called PrivateToken, a server employs cryptography to ensure that a client passed an iCloud attestation check. When a client requires a token, it contacts an attester, such as Apple, which completes the procedure using certificates stored in the Secure Enclave of the device.
After that, Apple can utilize rate-limiting to determine whether the client device is following regular user habits or is part of an iPhone click farm, for example.
When an Apple user signs in with a password, Touch ID, or Face ID, opens Safari and navigates to a webpage, it’s difficult for a bot to duplicate their activities.
Other Details of Private Access Tokens
Cloudflare explained that Apple’s new Private Access Tokens can separate device data when they’re utilized. This means that no other parties will have access to your information during the procedure.
PATs will automatically operate with web servers viewed through Safari and WebKit. Because other devices may not recognize the token procedure, Apple advises developers to make sure user authentication does not prevent users from seeing the main web page and to make it optional.
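A sketch of how a web server could issue a PrivateToken challenge and treat the token as optional, as Apple advises; this is an added example, not code from Apple, Cloudflare or Fastly. It assumes the challenge and token layout published in RFC 9577 (token type 0x0002), and the function names and the `verify_sig` callable, which stands in for checking the signature against the issuer's public key, are hypothetical.

```python
import base64
import hashlib
import hmac
import struct

TOKEN_TYPE = 0x0002                  # Blind RSA (2048-bit) token type, per RFC 9577
TOKEN_LEN = 2 + 32 + 32 + 32 + 256   # type, nonce, challenge digest, key id, signature

def build_challenge(issuer: str, origin: str, context: bytes = b"") -> bytes:
    """Serialize a TokenChallenge: type, issuer, redemption context, origin."""
    if len(context) not in (0, 32):
        raise ValueError("redemption context must be empty or 32 bytes")
    iss, org = issuer.encode(), origin.encode()
    return (struct.pack("!HH", TOKEN_TYPE, len(iss)) + iss
            + bytes([len(context)]) + context
            + struct.pack("!H", len(org)) + org)

def www_authenticate(challenge: bytes, issuer_key: bytes) -> str:
    """Value of the WWW-Authenticate header sent with the 401 response."""
    enc = lambda b: base64.urlsafe_b64encode(b).decode()
    return f'PrivateToken challenge="{enc(challenge)}", token-key="{enc(issuer_key)}"'

def check_request(authorization, challenge, verify_sig, seen_nonces) -> str:
    """Return 'accept', 'reject' or 'fallback' for one Authorization header."""
    scheme, _, params = (authorization or "").partition(" ")
    if scheme != "PrivateToken" or not params.strip().startswith("token="):
        return "fallback"    # no PAT support: offer another check, do not block
    value = params.strip()[len("token="):].strip('"')
    try:
        token = base64.urlsafe_b64decode(value + "=" * (-len(value) % 4))
    except ValueError:
        return "reject"
    if len(token) != TOKEN_LEN or struct.unpack("!H", token[:2])[0] != TOKEN_TYPE:
        return "reject"
    nonce, digest, key_id = token[2:34], token[34:66], token[66:98]
    if not hmac.compare_digest(digest, hashlib.sha256(challenge).digest()):
        return "reject"      # token was issued for a different challenge
    if nonce in seen_nonces:
        return "reject"      # token has already been redeemed
    if not verify_sig(key_id, token[:98], token[98:]):
        return "reject"      # signature does not match the issuer key
    seen_nonces.add(nonce)
    return "accept"
```

A request that returns `fallback` comes from a client that did not answer the challenge, so the site should present its existing check instead of denying access.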
These tokens, according to Apple, require a device running iOS 16 or macOS Ventura or later, as well as an Apple ID signed in. The Apple ID is not disclosed and is solely used for attestation.
Experts stated that the iPhone manufacturer’s new Private Access Token security tech is an interesting move, especially since PAT’s goal is to replace CAPTCHA. It’s also another way in which Apple users experience the web differently.