Apple to Require App-Specific Passwords For Third-Party Apps Accessing iCloud - MacRumorsOpen MenuShow RoundupsShow Forums menuVisit ForumsOpen Sidebar
Skip to Content

Apple to Require App-Specific Passwords For Third-Party Apps Accessing iCloud

by

Apple is now offering app-specific passwords for third-party apps that access iCloud, allowing users to generate unique one-time use passwords to sign into iCloud securely. In a support document, Apple describes app-specific passwords as a feature of two-step verification and states that app-specific passwords will be required to sign into iCloud when using a third-party app beginning on October 1, 2014.

appspecificpasswords

If you use iCloud with any third party apps, such as Microsoft Outlook, Mozilla Thunderbird, or BusyCal, you can generate app-specific passwords that allow you to sign in securely, even if the app you're using doesn't support two-step verification. Using an app-specific password also ensures that your primary Apple ID password isn't collected or stored by any third party apps you might use.

App-specific passwords, which have long been used by other sites like Google, are a function of two-step verification. Typically, two-step verification requires a user to enter a verification code, but oftentimes, the codes will not work properly in third-party apps, so app-specific passwords are substituted instead.

As outlined in the support document, app-specific passwords can be generated by accessing My Apple ID, where the option to generate an app-specific password is listed under Password and Security. According to Apple, users can have up to 25 active app-specific passwords at a time, which are listed in the Password and Security section of My Apple ID.

appspecifichistoryGenerating an app-specific password is limited to accounts with two-factor authentication turned on, and for security reasons, Apple sends an email whenever an app-specific password is generated. App-specific passwords will be revoked whenever a user's primary Apple ID password is changed, requiring new app-specific passwords to be generated.

Apple's new app-specific passwords follow the launch of two-factor verification for accessing iCloud.com and come after a hacking incident that saw the iCloud accounts of several celebrities compromised due to weak passwords.

Apple CEO Tim Cook has promised to improve iCloud security by increasing awareness about two-factor verification, as well as sending out security emails whenever a device is restored, iCloud is accessed, or a password change is attempted.

Popular Stories

iOS 27 on iPhone 17 1

iOS 27 Will Add These New Features to Your iPhone

Saturday May 2, 2026 8:43 am PDT by
Apple is expected to unveil iOS 27 during its WWDC 2026 keynote on June 8, and there are already many rumored features and changes for iPhones. The first developer beta of iOS 27 will likely be available immediately following the keynote, and a public beta typically follows in July. Following beta testing, the software update should be released to all users with a compatible iPhone in...
Read Full Article93 comments
Apple Event Logo

Apple Just Released a New Accessory

Monday May 4, 2026 8:13 am PDT by
Apple today released a new Pride Edition Sport Loop for the Apple Watch. The band features a rainbow design with 11 colors of woven nylon yarns. The new Pride Edition Sport Loop is available to order now on Apple.com and in the Apple Store app in 40mm, 42mm, and 46mm sizes, and it will be available at Apple Store locations starting later this week. In the U.S., the band costs $49. There...
Read Full Article
Apple Announces 2026 Pride Band Watch Face and iPhone Wallpaper Article 2

iOS 26.5 Coming Soon With These New Features

Monday May 4, 2026 8:40 am PDT by
iOS 26.5 is expected to be released next week, following more than a month of beta testing. The update is relatively minor, but there are a couple of new features and changes across the operating system that we have recapped below. iOS 26.5 lays the groundwork for end-to-end encryption for RCS in the Messages app and ads in the Apple Maps app, and it will include a new Pride wallpaper and a...
Read Full Article45 comments

Top Rated Comments

rdlink Avatar
rdlink
152 months ago
... That Google users have been using for about 7 years now.

And by 7 years you mean 3, correct?

http://googleblog.blogspot.com/2011/02/advanced-sign-in-security-for-your.html

Way to build credibility. Oh, and by the way, if you ask 10 gmail users on the street today whether they use 2FA on their gmail account I would be willing to bet at least 7 of them say, "What's that?"
Score: 10 Votes (Like | Disagree)
M
MikhailT
152 months ago
It feels like apple had all of these securities measures built but just never released for various reasons.

Scaling to millions of users is a very tough task, regardless of how much money the company has. Scaling is what Google excels at, which is why they had almost all of this in place when they had 2FA on and their authenticator app.

Apple's great at creating the demand but they suck at supplying it (scaling).
Score: 4 Votes (Like | Disagree)
T
tYNS
152 months ago
iCloud Mess

is it me or is this all getting to be a mess.

Steve was all about simplifying things. iTunes is an utter mess. It doesn't even have an identity of purpose now.

Plug in syncing, wireless syncing, management of syncing through itunes on both wireless and wired, manual management of content that gets rid of previous said options. icloud downloading of content, itunes match, home sharing (which never works), now account sharing between people in your family, iphoto streaming, iphoto library with video and photo backup, icloud 2 question authentication, icloud 2 factor authentication, app specific password, icloud keychains.

HONESTLY?? Can we not do a better job of simplifying this? Then you get constant backup error messages saying icloud couldn't backup guilting you into buying more icloud storage.

Now every time you change something on your account you get 5-10 emails in a row telling you something changed and a message popping up on every device telling you something changed.

This is a complete mess. and NO MERE MORTAL will understand what this all means.

Seriously. The whole Spirit of Steve was to do better on issues like this.
Score: 3 Votes (Like | Disagree)
topmounter Avatar
topmounter
152 months ago
Drowssap1 thru Drowssap25
Score: 3 Votes (Like | Disagree)
D
Dreday24
152 months ago
so they have almost caught up to google.
Score: 3 Votes (Like | Disagree)
S
spectrumfox
152 months ago
Or here's another reason: Apple wants to make sure their users' experience is predictable and as simple as possible.

App specific passwords, and setting up 2FA in Google is a kludgy mess, and has run inconsistently at times, to the point that many people I have recommended do it end up going back to simple password authentication out of pure frustration. Their experience has been similar to mine (and I know what I'm doing). But I recognize the risk involved with using gmail without 2FA, so I have put up with it.
Wow, some of you really like just making stuff up on these forums huh?

As long as you sound like you know what you're talking about, and praise Apple, no one will really question you.

Gotta support the team, I guess. :apple:
Score: 2 Votes (Like | Disagree)
Read All Comments
Related Apple News: Travel | Culture | Technology | Entertainment | South Africa