Apple makes unique passwords mandatory for third-party apps accessing iCloud

As of June 15, Apple will begin requiring app-specific passwords for third-party apps that need to access iCloud data, the company said in an email notice to users.

While unique passwords are already in play, the arrangement is becoming mandatory — on the 15th, people signed into third-party apps with their main Apple ID password will be automatically signed out. To generate custom passwords, people will have to turn on two-factor authentication for their Apple IDs, click "App-Specific Passwords" under Security, then click "Generate Password."

The option asks users to assign a label to each password so it is easy to remember; the example given is "Bill Pay."

While inconvenient, the change is presumably meant to protect people from having their main Apple ID logins stolen, whether by unscrupulous app developers or indirectly through security breaches.

Apple has been gradually ramping up security across its platforms in the face of both privacy concerns and direct threats. In March, a hacker group threatened to wipe data from millions of devices unless it was paid a ransom. Apple denied that its systems had been compromised, and the threat ultimately wasn't carried out. The group claimed to have been paid off by someone, but may also simply have faked the transaction to preserve credibility.



7 Comments

coolfactor 20 Years · 2342 comments

This is going to create a lot of noise from unhappy, confused people.

Soli 9 Years · 9981 comments

It's about time! Also, I agree with @coolfactor that it'll cause issues for many people.

SpamSandwich 19 Years · 32917 comments

"Gotta be careful Jerry, there are a lot of nuts out there."

robertwalter 9 Years · 276 comments

This is going to create a lot of noise from unhappy, confused people.

Agree about the confusion for some. But people complain regardless, so if they complain about something that's good for them, think if there is any way to make it easier while meeting targets, or any better way to communicate why the change is in their interest. If you can't optimize either, then benignly ignore them.

robertwalter 9 Years · 276 comments

I noticed recently where one of my 3rd party apps pulled login credentials from my keychain. 

I wonder how Apple ensures that the key and the app match when the matchmaker is based on a website domain.