App-specific passwords will be required to sign in to iCloud with third party apps from June 15.
NOTE: if you only use Apple apps to access iCloud data, this doesn’t affect you.
If you use non-Apple applications to sign in to iCloud to access things like your Calendar, Contacts and email messages (applications such as Outlook, Thunderbird, BusyContacts, Fantastical, etc) then Apple has tightened up security to a new level.
This change is to enable you to use these apps without revealing your iCloud password to them – accidents could happen, and your password may end up wandering further than you intended. Now you will generate separate passwords that are only valid with a particular app, and your real iCloud password will remain just between you and Apple.
App-specific passwords hide your real account credentials from the third-party service, increasing security by only giving out scrambled random passwords to non-Apple servers. These individual passwords can be revoked at any time and are independent of your primary iCloud login details.
So, how do you get these other passwords? Luckily, it is pretty straight-forward …
To use app-specific passwords, you must first enable two-factor authentication for your Apple ID if you haven’t already. With iOS 10.3 and later, two-factor authentication is set up by default for new Apple ID accounts so new users should have this done. (iOS 10.3 also prominently prompts existing user accounts to upgrade.)
With two factor authentication enabled, you can now make an app-specific password:
- Log in to the Apple ID page with your usual iCloud email address and password.
- Scroll down to the ‘Security’ area and click ‘Generate Password’ beneath the App-Specific Password heading.
- Give the password a name in the label popup (so you know what service you used it with later).
- The password will now be shown; it will be a string of 16 random characters. Copy this down.
- Open your third-party app and log out with your existing iCloud details. Then, log in again using the same email and the new app-specific password you copied from the previous step.
That’s it. You can repeat the process for each app that you have connected to iCloud, creating a new app-specific password for each third-party app. (Apple lets you have up to 25 app-specific passwords.) If you change your primary Apple ID password, all app-specific passwords will be revoked automatically and the apps will obviously stop working. Create new app-specific passwords (via the same five steps above) if you want to log in to a third-party service again after changing your primary Apple ID iCloud password.
Apple lets you have up to 25 app-specific passwords at once. At any time, you can go back into the Apple ID Security panel, click ‘Edit’ and then ‘View History’ to manage your app-specific passwords. You can revoke a specific password (identified by the label you picked when you created them) or remove them all and start over.