Apple reminds iCloud users of new app-specific password requirements

The reminder, sent to customers who have two-step Apple ID verification activated, notes that third-party services will need app-specific passwords to access iCloud data starting Thursday. Apps not switched over to the new process will be automatically signed out until a unique password is generated.

Apple originally announced the new security feature in September, saying at the time that app-specific passwords would become mandatory starting Oct. 1. No explanation was offered regarding the change in date.

Users running third-party email clients like Outlook and Mozilla Thunderbird, as well as contacts and calendar syncing services, will need to visit the Apple ID website to generate specific passwords for each app instance. As noted by Apple, app-specific passwords will work even if the target app does not support two-factor authentication.

Apple provides the following instructions for users affected by the security change:

To generate an app-specific password:

• Sign in to My Apple ID (https://appleid.apple.com)
• Go to Password & Security
• Click Generate App-Specific Password

The company also points users in the direction of a Support Pages document that further explains the extra layer of security and how it protects iCloud data.

App-specific passwords have been successfully employed by major Web service providers like Google to lock down apps tying in to accounts that manage sensitive information. The method is more secure than using a single password to link up services like email and social networks as the code can be revoked if a device is stolen or lost, thus protecting the underlying iCloud account.

Apple's system only allows 25 unique passwords, though users can revoke, add and manage app priorities through the Apple ID website.