Apple Begins Reminding Two-Factor Authentication Users About App-Specific Passwords

Apple has begun emailing iCloud users who have enabled two-factor authentication on their Apple IDs, reminding them that application specific passwords will be required when trying to access iCloud data on third party apps starting tomorrow.

Screen Shot 2014-10-08 at 8.13.42 PM
In addition to the email reminders, Apple last week published a new support document educating users on how to use app-specific passwords. While the feature was originally intended to require the feature on October 1, it's unclear why two-factor authentication users are being reminded of it a week later.

App-specific passwords are a new feature Apple introduced in mid-September, following the launch of two-factor authentication for accessing iCloud.com. The changes arrived after a hacking incident that saw the iCloud accounts of several celebrities compromised due to weak passwords.

CEO Tim Cook has promised to improve iCloud security by increasing awareness around Apple's security features like two-factor authentication as well as a sending out email notifications whenever a device is restored, an account is accessed or a password change is attempted.

Popular Stories

Apple Announces Special Event in New York Feature

Apple Announces Special Event in New York, London, and Shanghai on March 4

Monday February 16, 2026 6:05 am PST by
Apple today announced a "special Apple Experience" in New York, London, and Shanghai, taking place on March 4, 2026 at 9:00am ET. Apple invited select members of the media to the event in three major cities around the world. It is simply described as a "special Apple Experience," and there is no further information about what it may entail. The invitation features a 3D Apple logo design...
iphone 16 apple intelligence

Apple Aiming to Release 'Breakthrough' New iPhone Accessory

Wednesday February 18, 2026 12:43 pm PST by
Apple is looking for a "breakthrough" with its push into wearable AI devices, including an "AirTag-sized pendant," according to Bloomberg's Mark Gurman. In a report this week, he said the pendant is reminiscent of the failed Humane AI Pin, but it would be an iPhone accessory rather than a standalone product. The pendant would feature an "always-on" camera and a microphone for Siri voice...
CarPlay Liquid Glass Dark

iOS 26.4's New CarPlay Video Feature Shown in Action

Wednesday February 18, 2026 9:29 am PST by
Back at WWDC 2025, Apple revealed that it was planning to allow CarPlay users to watch video via AirPlay in their vehicles while they are not driving, and the first beta of iOS 26.4 suggests the feature may be nearing availability. There are several new references to CarPlay video streaming functionality within the iOS 26.4 beta's source code. The feature is not yet visible to users, but...
iphone 17 pro green

iPhone 17 Pro Max Curiously Becomes Most Traded-In Smartphone

Wednesday February 18, 2026 9:13 am PST by
New trade-in data indicates that Apple's iPhone 17 Pro Max has rapidly become the single most traded-in smartphone. According to a new report from SellCell, Apple's latest flagship iPhone has quickly risen to the top of the independent trade-in market, accounting for 11.5% of all devices appearing in the top-20 trade-in rankings just months after release. The analysis is based on SellCell...
Apple Announces Special Event in New York Feature 1

Apple Event on March 4: Here's What to Expect

Tuesday February 17, 2026 8:08 am PST by
Apple on Monday invited selected journalists and content creators to a "special Apple Experience" on Wednesday, March 4 in New York, London, and Shanghai. At an Apple Experience, attendees are typically given the opportunity to try out Apple's latest hardware or software. Following the launch of Apple Creator Studio last month, for example, some content creators attended an Apple Experience...

Top Rated Comments

148 months ago
A ridiculous bandaid fix for their apparently weak password reset system. Three security questions, and anyone gets in without a verification email. So you have to bother with this annoying double authentication system. I might as well just make my security answers random codes themselves rather than dealing with this.

I remember Gmail somehow not working properly with third-party mail clients after they messed with their authentication system like this. I was too lazy to negotiate with it and switched to iCloud email as my "anonymous/internet" account.
People complain about eeeeverything!!!!! :rolleyes:
Score: 18 Votes (Like | Disagree)
148 months ago
Had to Quickly Remind Myself...

When I read that email, I immediately though "Dammit that sounds so inconvenient" but I took a few steps back and realized how helpful that will be. I appreciate Apple's multiple levels of security:apple::cool:
Score: 10 Votes (Like | Disagree)
148 months ago
Yeah, I should. On computers, everything has to work (1 - 10^(-9000))*100% of the time.

Oh kid, welcome to life, if there's something that doesn't work at 100% all the time are computers, you are going to have a bad life thinking computers should work (1 - 10^(-9000))*100% of the time.

Welcome to the real world, you can complain all you want, but technology has it flaws..
Score: 5 Votes (Like | Disagree)
148 months ago
A ridiculous bandaid fix for their apparently weak password reset system. Three security questions, and anyone gets in without a verification email. So you have to bother with this annoying double authentication system to avoid that... or provide bogus security answers. I might as well just make my security answers random codes themselves rather than dealing with this. My first pet was Aahs8y238899_!!3.

I remember Gmail randomly rejecting authentication from third-party mail clients after they messed with their authentication system like this. I was too lazy- er, I mean optimized to try and fix it and switched to iCloud email as my "anonymous/internet" account instead.

This is basically how gmail works because 3rd party apps have no cookie mechanism & challenge follow-up. You need app specific passwords.

Apple's implementation is exactly like Google except you have more trusted device than SMS.
Score: 4 Votes (Like | Disagree)
Futurix Avatar
148 months ago
A ridiculous bandaid fix for their apparently weak password reset system.

This is an industry-wide and fairly secure solution, used by the likes of Google, Microsoft, and Yahoo.
Score: 3 Votes (Like | Disagree)
148 months ago
It's just very unclear who would use app-specific passwords and who wouldn't, how they would be used, and how they would benefit the user.

If you want third party apps to have access to your iCloud account (eg. Outlook), you create a specific password for Outlook to use.

The app does not know your real iCloud password, and you can revoke the app specific password if you want to.
Score: 3 Votes (Like | Disagree)