It’s no secret that device and data security is a major focus for Apple. And to further its fight, Apple has announced in an email to its users that as of June 15, it’ll require the use of app-specific passwords for anyone signing in to iCloud using a third-party app for mail, contacts, and calendar services not provided by Apple. So if you use an email app like Microsoft Outlook, Mozilla Thunderbird, etc., this affects you. And if you’re already signed into a third-party app using your primary Apple ID, you’ll be automatically signed out on June 15th if you don’t set up these individual passwords ahead of time.
However, this only affects third-party apps. If you’re using Apple’s built-in mail, contacts, or calendar apps—or apps from the App Store that integrate with iCloud using Apple APIs—this doesn’t affect you (so you don’t need to worry). Apps using Apple APIs are ones you downloaded from the App Store that didn’t ask for your iCloud password.
What is an app-specific password?
An app-specific password is a password that’s unique to each app. So if you’re one of those people who uses the same password for everything, this change may be difficult. But let’s be honest, your password probably sucks. So this is for your own good. Apple states that doing this will “ensure your primary Apple ID password won’t be collected or stored by any third-party apps you might use.” That’s because app-specific passwords give third-party services randomly, hard-to-guess generated passwords instead of your real iCloud password. So while you’ll need a password for each app, your information will be much more secure. And the good news is you can always sign into your Apple ID account page to retrieve those passwords at any time.
How do I set up an app-specific password?
The first thing you need to do is turn on Two-Factor Authentication.
If you’re running iOS 10.3 or later on your device, you should’ve been prompted to set up Two-Factor Authentication already. If you’re running iOS 10.2.1 or earlier, follow the steps below.
On your iPhone, iPad, or iPod touch with iOS 9 or later:
Tap Settings and sign in, if necessary
Select your profile, then tap Password & Security
Tap Turn On Two-Factor Authentication
On your Mac with OS X El Capitan or later:
Open Settings / System Preferences (click the app in your dock or the Apple logo in the top, left corner of your display > System Preferences > iCloud)
Sign in, if necessary, then click Account Details
Click the Security tab along the top
Click Turn On Two-Factor Authentication
Now that two-factor authentication is on, you can generate app-specific passwords. To do this:
Sign in to your Apple ID account page online
Scroll down to the Security section of the page, then click Generate Password below App-Specific Passwords
Enter a label. This is so you’ll recognize which password belongs to which app or service.
Copy down the generated password (preferably in a secure place like a password manager, and not on a Post-It note on your desk). It should be a string of random characters.
Open your third-party app and sign in with that generated password you just copied down, not your regular iCloud password.
That’s it! Repeat those steps for any other third-party apps that need an iCloud sign in.
You can store up to 25 app-specific passwords at once. And again, you can go back into your Apple ID account page at any time to view, edit, manage, and even remove your app-specific passwords.