Apple makes unique passwords mandatory for third-party apps accessing iCloud

As of June 15, Apple will begin requiring app-specific passwords for third-party apps that need to access iCloud data, the company said in an email notice to users.

While unique passwords are already in play, the arrangement is becoming mandatory -- on the 15th, people signed into third-party apps with their main Apple ID password will be automatically signed out. To generate custom passwords, people will have to turn on two-factor authentication for their Apple IDs, click "App-Specific Passwords" under Security, then click "Generate Password."

The option asks users to assign a label to each password to make it easier to remember; the example given is "Bill Pay."

While inconvenient, the change is presumably meant to protect people from having their main Apple ID logins stolen, whether by unscrupulous app developers or indirectly through security breaches.

Apple has been gradually ramping up security across its platforms in the face of both privacy concerns and direct threats. In March, a hacker group threatened to wipe data from millions of devices unless it was paid a ransom. Apple denied that its systems had been compromised, and the threat ultimately wasn't carried out. The group claimed to have been paid off by someone, but may also simply have faked the transaction to preserve credibility.


  • Reply 1 of 7
    coolfactor Posts: 1,534 member
    This is going to create a lot of noise from unhappy, confused people.
  • Reply 2 of 7
    Soli Posts: 9,276 member
    It's about time! Also, I agree with @coolfactor that it'll cause issues for many people.
  • Reply 3 of 7
    SpamSandwich Posts: 31,417 member
    "Gotta be careful Jerry, there are a lot of nuts out there."
  • Reply 4 of 7
    This is going to create a lot of noise from unhappy, confused people.
    Agree about the confusion for some. But people complain regardless, so if they complain about something that's good for them, think if there is any way to make it easier while meeting targets, or any better way to communicate why the change is in their interest. If you can't optimize either then benignly ignore them.
  • Reply 5 of 7
    I noticed recently where one of my 3rd party apps pulled login credentials from my keychain. 

    I wonder how Apple ensures that the key and the app match when the matchmaker is based on a website domain. 
  • Reply 6 of 7
    john.b Posts: 2,721 member
    What about Yosemite users who can't use two-factor authentication?
  • Reply 7 of 7
    jdw Posts: 786 member
    Coercing people to use troublesome two factor authentication? No thanks. I'll simply avoid using any apps that dig into iCloud. 