Apple on Wednesday sent out emails reminding iCloud users that a new security protocol requiring app-specific passwords for third-party software is scheduled to go live tomorrow.
The reminder, sent to customers who have two-step Apple ID verification activated, notes that third-party services will need app-specific passwords to access iCloud data starting Thursday. Apps not switched over to the new process will be automatically signed out until a unique password is generated.
Apple originally announced the new security feature in September, saying at the time that app-specific passwords would become mandatory starting Oct. 1. No explanation was offered regarding the change in date.
Users running third-party email clients like Outlook and Mozilla Thunderbird, as well as contacts and calendar syncing services, will need to visit the Apple ID website to generate specific passwords for each app instance. As noted by Apple, app-specific passwords will work even if the target app does not support two-factor authentication.
Apple provides the following instructions for users affected by the security change:
To generate an app-specific password:
- Sign in to My Apple ID (https://appleid.apple.com)
- Go to Password & Security
- Click Generate App-Specific Password
The company also points users in the direction of a Support Pages document that further explains the extra layer of security and how it protects iCloud data.
App-specific passwords have been successfully employed by major Web service providers like Google to lock down apps tying in to accounts that manage sensitive information. The method is more secure than using a single password to link up services like email and social networks, as the code can be revoked if a device is stolen or lost, thus protecting the underlying iCloud account.
Apple's system only allows 25 unique passwords, though users can revoke, add and manage app priorities through the Apple ID website.
8 Comments
I do not have two-step verification activated, and therefore cannot generate an application-specific password for Evolution email, which stopped authenticating with iCloud. Generating a password is not even an option when I go to the above-mentioned address. So, I am slightly confused; is two-step authentication mandatory and live tomorrow, or can I opt out? If I choose to opt out, how do I get my email client working again? And if the new security measure is not live now, and if I haven't already activated it, why is my email client locked out?
This is great and I feel like Apple has actually listened to me (even though I'm sure I wasn't the only one requesting this feature), but there is a lot Apple can do to make this easier and better for the customer.
I just got my reminder overnight also... problem is that they turned this on 2 days ago!!
I think it's a good idea to protect iCloud apps but why isn't Find my iPhone protected? Sure, it could be good to leave the part for just finding the iPhone open (for most parts) but why leave the erase function open too? Isn't that a bit risky if someone should get access to your iCloud?
Will this apply to the iCloud dashboard? That still allowed login with userID/password last time I upgraded (V4) with no use of 2-factor auth. And given that was allegedly the source of some photo leaks, that would be a good way to tighten the security in a simple way.