Apple is now offering app-specific passwords for third-party apps that access iCloud, allowing users to generate unique one-time use passwords to sign into iCloud securely. In a support document, Apple describes app-specific passwords as a feature of two-step verification and states that app-specific passwords will be required to sign into iCloud when using a third-party app beginning on October 1, 2014.
/article-new/2014/09/appspecificpasswords.jpg?lossy)
If you use iCloud with any third party apps, such as Microsoft Outlook, Mozilla Thunderbird, or BusyCal, you can generate app-specific passwords that allow you to sign in securely, even if the app you're using doesn't support two-step verification. Using an app-specific password also ensures that your primary Apple ID password isn't collected or stored by any third party apps you might use.
App-specific passwords, which have long been used by other sites like Google, are a function of two-step verification. Typically, two-step verification requires a user to enter a verification code, but oftentimes, the codes will not work properly in third-party apps, so app-specific passwords are substituted instead.
As outlined in the support document, app-specific passwords can be generated by accessing My Apple ID, where the option to generate an app-specific password is listed under Password and Security. According to Apple, users can have up to 25 active app-specific passwords at a time, which are listed in the Password and Security section of My Apple ID.
/article-new/2014/09/appspecifichistory.jpg?lossy)
Generating an app-specific password is limited to accounts with two-factor authentication turned on, and for security reasons, Apple sends an email whenever an app-specific password is generated. App-specific passwords will be revoked whenever a user's primary Apple ID password is changed, requiring new app-specific passwords to be generated.
Apple's new app-specific passwords follow the launch of two-factor verification for accessing iCloud.com and come after a hacking incident that saw the iCloud accounts of several celebrities compromised due to weak passwords.
Apple CEO Tim Cook has promised to improve iCloud security by increasing awareness about two-factor verification, as well as sending out security emails whenever a device is restored, iCloud is accessed, or a password change is attempted.
Top Rated Comments
(View all)... That Google users have been using for about 7 years now.
And by 7 years you mean 3, correct?
http://googleblog.blogspot.com/2011/02/advanced-sign-in-security-for-your.html
Way to build credibility. Oh, and by the way, if you ask 10 gmail users on the street today whether they use 2FA on their gmail account I would be willing to bet at least 7 of them say, "What's that?"
It feels like apple had all of these securities measures built but just never released for various reasons.
Scaling to millions of users is a very tough task, regardless of how much money the company has. Scaling is what Google excels at, which is why they had almost all of this in place when they had 2FA on and their authenticator app.
Apple's great at creating the demand but they suck at supplying it (scaling).
is it me or is this all getting to be a mess.
Steve was all about simplifying things. iTunes is an utter mess. It doesn't even have an identity of purpose now.
Plug in syncing, wireless syncing, management of syncing through itunes on both wireless and wired, manual management of content that gets rid of previous said options. icloud downloading of content, itunes match, home sharing (which never works), now account sharing between people in your family, iphoto streaming, iphoto library with video and photo backup, icloud 2 question authentication, icloud 2 factor authentication, app specific password, icloud keychains.
HONESTLY?? Can we not do a better job of simplifying this? Then you get constant backup error messages saying icloud couldn't backup guilting you into buying more icloud storage.
Now every time you change something on your account you get 5-10 emails in a row telling you something changed and a message popping up on every device telling you something changed.
This is a complete mess. and NO MERE MORTAL will understand what this all means.
Seriously. The whole Spirit of Steve was to do better on issues like this.
Or here's another reason: Apple wants to make sure their users' experience is predictable and as simple as possible.
Wow, some of you really like just making stuff up on these forums huh?App specific passwords, and setting up 2FA in Google is a kludgy mess, and has run inconsistently at times, to the point that many people I have recommended do it end up going back to simple password authentication out of pure frustration. Their experience has been similar to mine (and I know what I'm doing). But I recognize the risk involved with using gmail without 2FA, so I have put up with it.
As long as you sound like you know what you're talking about, and praise Apple, no one will really question you.
Gotta support the team, I guess. :apple: