Roger Fingas
As of June 15, Apple will begin requiring app-specific passwords for third-party apps that need to access iCloud data, the company said in an email notice to users.
While unique passwords are already in play, the arrangement is becoming mandatory — on the 15th, people signed into third-party apps with their main Apple ID password will be automatically signed out. To generate custom passwords people will have to turn on two-factor authentication for their Apple IDs, click "App-Specific Passwords" under Security, then on "Generate Password."
The option asks users to assign a label to each password for easy memory, a given example being "Bill Pay."
While inconvenient, the change is presumably meant to protect people from having their main Apple ID logins stolen, whether by unscrupulous app developers or indirectly through security breaches.
Apple has been gradually ramping up security across its platforms in the face of both privacy concerns and direct threats. In March, a hacker group threatened to wipe data from millions of devices unless it was paid a ransom. Apple denied that its systems had been compromised, and the threat ultimately wasn't carried out. The group claimed to have been paid off by someone, but may also simply have faked the transaction to preserve credibility.
Andrew Orr
William Gallagher
AppleInsider Staff
Malcolm Owen
Wesley Hilliard
7 Comments
This is going to create a lot of noise from unhappy, confused people.
It's about time! Also, I agree with @coolfactor that it'll cause issues for many people.
"Gotta be careful Jerry, there are a lot of nuts out there."
I noticed recently where one of my 3rd party apps pulled login credentials from my keychain.
I wonder how Apple ensures that the key and the app match when the matchmaker is based on a website domain.