Apple makes unique passwords mandatory for third-party apps accessing iCloud
As of June 15, Apple will begin requiring app-specific passwords for third-party apps that need to access iCloud data, the company said in an email notice to users.
While unique passwords are already in play, the arrangement is becoming mandatory — on the 15th, people signed into third-party apps with their main Apple ID password will be automatically signed out. To generate custom passwords people will have to turn on two-factor authentication for their Apple IDs, click "App-Specific Passwords" under Security, then on "Generate Password."
The option asks users to assign a label to each password for easy memory, a given example being "Bill Pay."
While inconvenient, the change is presumably meant to protect people from having their main Apple ID logins stolen, whether by unscrupulous app developers or indirectly through security breaches.
Apple has been gradually ramping up security across its platforms in the face of both privacy concerns and direct threats. In March, a hacker group threatened to wipe data from millions of devices unless it was paid a ransom. Apple denied that its systems had been compromised, and the threat ultimately wasn't carried out. The group claimed to have been paid off by someone, but may also simply have faked the transaction to preserve credibility.