Cloudflare Announces Private Access Tokens Replacing CAPTCHAs

cloudflare captcha

Cloudflare, the popular DNS service provider, announced a new technology on Wednesday that allows you to privately validate whether real users are visiting your site.

The new tokens called Private Access Tokens (PATs) will eliminate the need for CAPTCHA on the internet. For the inexperienced, a CAPTCHA (Completely Automated Public Turing Test to Tell Computers and Humans Apart) is a type of security measure known as challenge-response authentication and is used in computer science to determine if the user is human.

PATs offer several benefits, such as making the mobile web experience more enjoyable and private for Internet users than other networks at the same time.

Likewise, web and app developers know if their user is coming from an authentic device and a signed application, verified directly by the device vendor. They can also validate users without maintaining a cumbersome SDK. For Cloudflare customers, it will automatically ask for and use PATs.

PATs are included in Apple’s upcoming versions of macOS and iOS, such as iOS 16, iPadOS 16, and macOS 13. More vendors are expected to announce support for PATs in the near future, eliminating the need for CAPTCHA.

As for Cloudflare, it has already included PATs in its Managed Challenge platform in response to every Firewall rule instead of CAPTCHA.

According to the company, 65% of their customers are now choosing Managed Challenge over the Legacy CAPTCHA as the response option in a firewall rule.

PATs greatly improve privacy by validating without fingerprints, which is the most powerful aspect of the new technology. When PATs are used, device data is isolated and explicitly NOT exchanged between the involved parties (the manufacturer and Cloudflare). Cloudflare will be incorporating PATs into other security products very soon.

Leave a Comment