Third-Party Apps Will Need App-Specific Passwords for iCloud Access From June 15

App-specific passwords are set to become a mandatory requirement for third-party apps that access iCloud user data, according to an Apple Support email sent out today.

Currently, app-specific passwords are used to allow non-native apps like email clients to sign in to iCloud accounts that are protected by two-factor authentication. The security measure ensures that users can still link up their iCloud account to apps and services not provided by Apple, while also avoiding the need to disclose their Apple ID password to third parties.

However, app-specific passwords will become a basic requirement from June 15, according to Apple. The policy change basically means that users who want to continue using third-party apps with their iCloud account will have to enable two-factor authentication and generate individual passwords for each app.

Beginning on 15 June, app-specific passwords will be required to access your iCloud data using third-party apps such as Microsoft Outlook, Mozilla Thunderbird, or other mail, contacts and calendar services not provided by Apple.

If you are already signed in to a third-party app using your primary Apple ID password, you will be signed out automatically when this change takes effect. You will need to generate an app-specific password and sign in again.

Two-factor authentication ensures that you're the only person who can access your Apple account, even if someone knows your password. To turn it on from any iOS device running iOS 10.3 or later, open the Settings app, tap your name at the top, and then tap Password & Security.

If you're using iOS 10.2 or earlier, you can enable it from Settings -> iCloud -> Apple ID -> Password & Security. If you're on a Mac, go to System Preferences -> iCloud -> Account Details, click Security, and enable two-factor authentication from there.

To generate an app-specific password, sign into your Apple ID account page (https://appleid.apple.com), go to App-Specific Passwords under Security, and click Generate Password.

Top Rated Comments

(View all)
Avatar
38 months ago
That's all fine but it's get confusing and frustrating for the nontechnically oriented user -- and even those of us who are. If Apple really wants to beef up security I don't understand why it doesn't allow keychain access to apps and also require devs to allow TouchID. The best way to ensure security is to encourage people to use long unique random passwords for every app. But you need a password manager to do this and right now Apple's only works in Safari, not apps.

TouchID is available for apps, but not mandated. It should be mandated and keychain access should be made available for devices that do not have TouchID. That would be truly usable feature and set more space between iOS and Android. I mean if Apple is really serious about user security.
Score: 32 Votes (Like | Disagree)
Avatar
38 months ago
Awful change, makes my computing life more difficult. I think I'll be sure to avoid iCloud as much as possible. I don't want to be forced to use 2 factor. I had turned that on a couple of months ago, and it was just a nightmare trying to use. I don't know why but with multiple iOS and OS X devices, it just didn't work as I had hoped.
Score: 21 Votes (Like | Disagree)
Avatar
38 months ago
Just to clarify: this only affects apps that access iCloud web services in a non-native way (web API). E.g. those mentioned: outlook, thunderbird, and similar. I'm a developer and I used to have only one such app, which has recently been updated to iCloud drive instead.

This change won't affect apps which use iCloud Drive, keychain (which is already accessible by devs btw, they just don't implement it) and apps which use the CloudKit framework. CloudKit already assigns app-specific containers to apps, while this change only affects services which want to access iCloud outside of their own space (which makes sense, if you consider the security risks).

A kind suggestion: please enable two-factor authentication, the risks in using a single password nowadays are just too great, whatever platform you use.
Score: 18 Votes (Like | Disagree)
Avatar
38 months ago
Oh god, no one in my family understands anything above a password as it is. Not even security questions "wtf how does it know where i was born? Thats creepy"
Score: 14 Votes (Like | Disagree)
Avatar
38 months ago

If Apple really wants to beef up security I don't understand why it doesn't allow keychain access to apps and also require devs to allow TouchID. The best way to ensure security is to encourage people to use long unique random passwords for every app. But you need a password manager to do this and right now Apple's only works in Safari, not apps.

This is already available and has been since iOS 8! The uptake from developers is so low. I have one App (ASOS) that actually uses the API to access the Safari keychain's credentials.

I have contacted lots of the developers of the apps I use to add this as a feature request but it just doesn't seem to have priority, despite it seeming easy to implement.

References:

https://9to5mac.com/2014/06/13/ios-8-lets-apps-access-safari-autofill-credentials-for-quick-easy-login/

https://developer.apple.com/reference/security/shared_web_credentials
Score: 12 Votes (Like | Disagree)
Avatar
38 months ago
I accidentally changed to two factor auth a while back and had to use these app specific passwords, hated it, it seemed to work for about a week and then stop stating the password was incorrect and had to set up another one each time. After three times I turned two factor auth off and went back to normal. I can see me finally moving away from apple email entirely as it's just not worth the hassle.
Score: 9 Votes (Like | Disagree)

Top Stories

Apple Acquires Weather App Dark Sky

Tuesday March 31, 2020 10:22 am PDT by Juli Clover
Apple has acquired weather app Dark Sky, Dark Sky's developers announced today. Dark Sky is one of the most popular weather apps on the App Store, known for its accuracy and storm warnings. Our goal has always been to provide the world with the best weather information possible, to help as many people as we can stay dry and safe, and to do so in a way that respects your privacy. There is no ...

Apple's 2020 MacBook Air vs. 2020 iPad Pro

Wednesday April 1, 2020 2:45 pm PDT by Juli Clover
Apple in March updated both the MacBook Air and the iPad Pro, and with the iPad Pro increasingly positioned as a computer replacement, we thought we'd compare both new machines to see how they measure up and which one might be a better buy depending on user needs. Subscribe to the MacRumors YouTube channel for more videos. We're comparing the base model 12.9-inch iPad Pro and the base model...

Zoom Accused of Misleading Users With 'End-to-End Encryption' Claims Amid Other Security Issues [Updated]

Wednesday April 1, 2020 2:47 am PDT by Tim Hardwick
Zoom is facing fresh scrutiny today following a report that the videoconferencing app's encryption claims are misleading. Zoom states on its website and in its security white paper that the app supports end-to-end encryption, a term that refers to a way of protecting user content so that the company has no access to it whatsoever. However, an investigation by The Intercept reveals that...

Case for Upcoming Low-Cost iPhone Shows Up at Best Buy With Alleged April 5 Stock Date

Monday March 30, 2020 4:25 pm PDT by Juli Clover
Apple has a new low-cost iPhone in the works, which is supposed to be launching sometime in the first half of 2020. Given the ongoing situation in the United States and other countries, it's been unclear if the device is going to launch within the planned timeline, but there are signs that it could be coming soon. We started seeing cases for the new low-cost iPhone back in early February,...

Apple Adding Some 2013 and 2014 MacBook Air and MacBook Pro Models to Vintage Products List at End of April

Wednesday April 1, 2020 2:24 pm PDT by Joe Rossignol
In an internal memo obtained by MacRumors, Apple has indicated that the following 2013 and 2014 models of the MacBook Air and MacBook Pro will be added to its vintage and obsolete products list on April 30:MacBook Air (11-inch, Mid 2013) MacBook Air (13-inch, Mid 2013) MacBook Air (11-inch, Early 2014) MacBook Air (13-inch, Early 2014) MacBook Pro (13-inch, Mid 2014)Apple defines vintage...

AirTags Referenced in New Apple Support Video

Thursday April 2, 2020 12:12 pm PDT by Joe Rossignol
Apple has accidentally referenced its widely rumored AirTags item tracking tags in a video that it uploaded to its Apple Support channel on YouTube today. The video was first spotted by the blog Appleosophy and has quickly been removed. The video was titled "How to erase your iPhone." AirTags were mentioned in Settings > Apple ID > Find My > Find My iPhone under Enable Offline Finding, with...

Testing Brydge's New Pro+ Keyboard With Trackpad for iPad Pro

Monday March 30, 2020 2:04 pm PDT by Juli Clover
Well ahead of when Apple introduced trackpad support in iOS 13.4, Brydge announced an iPad Pro keyboard with a built-in multi-touch trackpad. We have one of Brydge's new Pro+ keyboards on hand, and thought we'd check it out to see how it works with Apple's new 2020 iPad Pro models. Subscribe to the MacRumors YouTube channel for more videos. The Brydge Pro+ keyboard is similar in design to...

Intel Unveils 10th-Gen Processors Suitable for Next 16-Inch MacBook Pro With Wi-Fi 6 and Turbo Boost Speeds Above 5GHz

Thursday April 2, 2020 7:53 am PDT by Joe Rossignol
Intel today announced the launch of its latest 10th-generation Core processors for high-end notebooks, potentially including the next 16-inch MacBook Pro. The batch of 45W chips, part of the Comet Lake family, are built on Intel's 14nm++ architecture. The new H-series chips have the same base clock speeds as the 9th-generation chips in the current 16-inch MacBook Pro, but Turbo Boost speeds...

Apple's Work on New Upcoming Products Progressing Normally as Employees Adjust to Telecommuting

Monday March 30, 2020 11:58 am PDT by Juli Clover
Apple's development of upcoming products is progressing as usual despite the fact that Apple employees around the world are working from home, according to a new report today out from Bloomberg. Apple is still working on new versions of the HomePod, Apple TV, MacBook Pro, budget iPads, Apple Watch, iPhone, and iMac, all of which could be released "as early as later this year" and have been...

2020 iPad Pro May Not Have a U1 Ultra Wideband Chip After All

Wednesday April 1, 2020 8:49 pm PDT by Joe Rossignol
While it was previously reported that all 2020 iPad Pro models feature the same Apple-designed U1 chip as the iPhone 11 lineup, enabling Ultra Wideband support, we have compiled evidence to suggest that this may not be the case. As a reminder, Apple's tech specs for the iPhone 11 and iPhone 11 Pro list an Ultra Wideband chip for spatial awareness, but the chip is not mentioned in Apple's...