Affiliate Disclosure
If you buy through our links, we may get a commission. Read our ethics policy.

Apple to introduce app-specific passwords for iCloud-connected titles

Last updated

Come October, Apple's iCloud will have yet another layer of protection, as the company is scheduled to implement app-specific passwords for third-party programs tying in to the cloud service.

According to a Support Document posted to Apple's website on Tuesday, the new security feature will be employed to all third-party apps connecting with iCloud even if that program does not support two-step verification. In conjunction with new two-factor authentication protocols activated on on Tuesday, Apple is showing serious advances in cloud security.

If you use iCloud with any third party apps, such as Microsoft Outlook, Mozilla Thunderbird, or BusyCal, you can generate app-specific passwords that allow you to sign in securely, even if the app you're using doesn't support two-step verification. Using an app-specific password also ensures that your primary Apple ID password isn't collected or stored by any third party apps you might use.

When the system goes live, iCloud users can generate new passwords by visiting the My Apple ID home page, then create a new code from the Password and Security settings pane. The system is limited to 25 active passwords, though users have the ability to manage which apps get priority through the same setup process.

Apple's app-specific password program is akin to others already in place, including a long-standing system from Google. The method is safer than entering in a global password for connecting to services like email and social networks as the code can easily be revoked if a device is stolen of lost, thus protecting the underlying iCloud account. Additionally, many apps don't support two-step authentication and issuing an app-specific code is one way of getting around the problem.

The iCloud security feature will roll out on Oct. 1, on which day third-party apps connecting with the service will be required to sign in using a specific assigned password.