Apple to Require App-Specific Passwords For Third-Party Apps Accessing iCloud

by

Apple is now offering app-specific passwords for third-party apps that access iCloud, allowing users to generate unique one-time use passwords to sign into iCloud securely. In a support document, Apple describes app-specific passwords as a feature of two-step verification and states that app-specific passwords will be required to sign into iCloud when using a third-party app beginning on October 1, 2014.

appspecificpasswords

If you use iCloud with any third party apps, such as Microsoft Outlook, Mozilla Thunderbird, or BusyCal, you can generate app-specific passwords that allow you to sign in securely, even if the app you're using doesn't support two-step verification. Using an app-specific password also ensures that your primary Apple ID password isn't collected or stored by any third party apps you might use.

App-specific passwords, which have long been used by other sites like Google, are a function of two-step verification. Typically, two-step verification requires a user to enter a verification code, but oftentimes, the codes will not work properly in third-party apps, so app-specific passwords are substituted instead.

As outlined in the support document, app-specific passwords can be generated by accessing My Apple ID, where the option to generate an app-specific password is listed under Password and Security. According to Apple, users can have up to 25 active app-specific passwords at a time, which are listed in the Password and Security section of My Apple ID.

appspecifichistoryGenerating an app-specific password is limited to accounts with two-factor authentication turned on, and for security reasons, Apple sends an email whenever an app-specific password is generated. App-specific passwords will be revoked whenever a user's primary Apple ID password is changed, requiring new app-specific passwords to be generated.

Apple's new app-specific passwords follow the launch of two-factor verification for accessing iCloud.com and come after a hacking incident that saw the iCloud accounts of several celebrities compromised due to weak passwords.

Apple CEO Tim Cook has promised to improve iCloud security by increasing awareness about two-factor verification, as well as sending out security emails whenever a device is restored, iCloud is accessed, or a password change is attempted.

Popular Stories

iPhone 17 Pro Iridescent Feature 2

iPhone 17 Pro Clear Case Leak Reveals Three Key Changes

Sunday August 31, 2025 1:26 pm PDT by
Apple is expected to unveil the iPhone 17 series on Tuesday, September 9, and last-minute rumors about the devices continue to surface. The latest info comes from a leaker known as Majin Bu, who has shared alleged images of Apple's Clear Case for the iPhone 17 Pro and Pro Max, or at least replicas. Image Credit: @MajinBuOfficial The images show three alleged changes compared to Apple's iP...
Read Full Article78 comments
iPhone 17 Pro Dark Blue and Orange

iPhone 17 Release Date, Pre-Orders, and What to Expect

Thursday August 28, 2025 4:08 am PDT by
An iPhone 17 announcement is a dead cert for September 2025 – Apple has already sent out invites for an "Awe dropping" event on Tuesday, September 9 at the Apple Park campus in Cupertino, California. The timing follows Apple's trend of introducing new iPhone models annually in the fall. At the event, Apple is expected to unveil its new-generation iPhone 17, an all-new ultra-thin iPhone 17...
Read Full Article62 comments
iphone 16 pro ghost hand

iPhone 17 Pro: 5 Reasons Not to Upgrade This Year

Monday September 1, 2025 4:35 am PDT by
Apple will launch its new iPhone 17 series this month, and the iPhone 17 Pro models are expected to get a new design for the rear casing and the camera area. But more significant changes to the lineup are not expected until next year, when the iPhone 18 models arrive. If you're thinking of trading in your iPhone for this year's latest, consider the following features rumored to be coming to...
Read Full Article114 comments
xiaomi apple ad india

Apple and Samsung Push Back Against Xiaomi's Bold India Ads

Friday August 29, 2025 4:54 am PDT by
Apple and Samsung have reportedly issued cease-and-desist notices to Xiaomi in India for an ad campaign that directly compares the rivals' devices to Xiaomi's products. The two companies have threatened the Chinese vendor with legal action, calling the ads "disparaging." Ads have appeared in local print media and on social media that take pot shots at the competitors' premium offerings. One...
Read Full Article210 comments
iOS 18 on iPhone Arrow Down

Apple Preparing iOS 18.7 for iPhones as iOS 26 Release Date Nears

Sunday August 31, 2025 4:35 pm PDT by
Apple is preparing to release iOS 18.7 for compatible iPhone models, according to evidence of the update in the MacRumors visitor logs. We expect iOS 18.7 to be released in September, alongside iOS 26. The update will likely include fixes for security vulnerabilities, but little else. iOS 18.7 will be one of the final updates ever released for the iPhone XS, iPhone XS Max, and iPhone XR,...
Read Full Article47 comments
iPhone eSIM Feature

Apple Hints at iPhone 17 Models Lacking SIM Card Slot in More Countries

Sunday August 31, 2025 8:52 am PDT by
Another hint has surfaced that Apple is preparing to eliminate the physical SIM card tray from iPhones in more countries this year. In particular, a source familiar with the matter has informed MacRumors that retail employees at Apple Authorized Resellers in the EU are required to complete a training course related to iPhones with eSIM support by Friday, September 5. There are 27 countries...
Read Full Article124 comments

Top Rated Comments

rdlink Avatar
rdlink
143 months ago
... That Google users have been using for about 7 years now.

And by 7 years you mean 3, correct?

http://googleblog.blogspot.com/2011/02/advanced-sign-in-security-for-your.html

Way to build credibility. Oh, and by the way, if you ask 10 gmail users on the street today whether they use 2FA on their gmail account I would be willing to bet at least 7 of them say, "What's that?"
Score: 10 Votes (Like | Disagree)
MikhailT Avatar
MikhailT
143 months ago
It feels like apple had all of these securities measures built but just never released for various reasons.

Scaling to millions of users is a very tough task, regardless of how much money the company has. Scaling is what Google excels at, which is why they had almost all of this in place when they had 2FA on and their authenticator app.

Apple's great at creating the demand but they suck at supplying it (scaling).
Score: 4 Votes (Like | Disagree)
tYNS Avatar
tYNS
143 months ago
iCloud Mess

is it me or is this all getting to be a mess.

Steve was all about simplifying things. iTunes is an utter mess. It doesn't even have an identity of purpose now.

Plug in syncing, wireless syncing, management of syncing through itunes on both wireless and wired, manual management of content that gets rid of previous said options. icloud downloading of content, itunes match, home sharing (which never works), now account sharing between people in your family, iphoto streaming, iphoto library with video and photo backup, icloud 2 question authentication, icloud 2 factor authentication, app specific password, icloud keychains.

HONESTLY?? Can we not do a better job of simplifying this? Then you get constant backup error messages saying icloud couldn't backup guilting you into buying more icloud storage.

Now every time you change something on your account you get 5-10 emails in a row telling you something changed and a message popping up on every device telling you something changed.

This is a complete mess. and NO MERE MORTAL will understand what this all means.

Seriously. The whole Spirit of Steve was to do better on issues like this.
Score: 3 Votes (Like | Disagree)
topmounter Avatar
topmounter
143 months ago
Drowssap1 thru Drowssap25
Score: 3 Votes (Like | Disagree)
Dreday24 Avatar
Dreday24
143 months ago
so they have almost caught up to google.
Score: 3 Votes (Like | Disagree)
spectrumfox Avatar
spectrumfox
143 months ago
Or here's another reason: Apple wants to make sure their users' experience is predictable and as simple as possible.

App specific passwords, and setting up 2FA in Google is a kludgy mess, and has run inconsistently at times, to the point that many people I have recommended do it end up going back to simple password authentication out of pure frustration. Their experience has been similar to mine (and I know what I'm doing). But I recognize the risk involved with using gmail without 2FA, so I have put up with it.
Wow, some of you really like just making stuff up on these forums huh?

As long as you sound like you know what you're talking about, and praise Apple, no one will really question you.

Gotta support the team, I guess. :apple:
Score: 2 Votes (Like | Disagree)
Read All Comments