cloudflare captcha

Cloudflare, the popular provider of DNS services, on Wednesday announced a new technology that privately allows you to validate whether real users are visiting your site.

The new tokens dubbed Private Access Tokens (PATs) will eliminate the need for CAPTCHA across the web. For the unversed, a CAPTCHA (Completely Automated Public Turing test to tell Computers and Humans Apart) is a type of security measure known as challenge-response authentication used in computing to determine whether the user is human.

PATs provide several benefits, for instance, mobile web experience will be more pleasant and more private than other networks simultaneously for internet users.

Similarly, web and app developers will know if their user is coming from an authentic device and signed application, verified by the device vendor directly. They can also validate users without maintaining a cumbersome SDK. For Cloudflare customers, it will automatically ask for and utilize PATs.

PATs have been included in Apple’s upcoming versions of macOS and iOS such as iOS 16, iPadOS 16, and macOS 13. More additional vendors are too expected to announce support for PATs in the near future, thereby eliminating the need to use CAPTCHA.

As for Cloudflare, it has already incorporated PATs into its Managed Challenge platform as a response action to any Firewall rule instead of CAPTCHA.

According to the company, 65% of their customers are now choosing Managed Challenge rather than the Legacy CAPTCHA as a response option in a Firewall rule.

PATs vastly improve privacy by validating without fingerprinting, which is the most powerful aspect of the new technology. When PATs are used, device data is isolated and explicitly NOT exchanged between the involved parties (the manufacturer and Cloudflare). Cloudflare will be incorporating PATs into other security products very soon.