Apple has sent an email to users of its two-factor authentication system reminding them of an upcoming change to the feature that will take effect tomorrow. Originally the requirement for app-specific passwords was supposed to start on the first of the month, but Apple has informed users that it will begin tomorrow instead. The system to generate and use these passwords is already in place.
App-specific passwords allow you to log into applications that don’t support two-factor logins, such as most email clients or other apps that may want to access your iCloud data. You can create these one-time-use passwords from the Apple ID website. Once you’ve generated the password, just plug it into the app you want to use and you’re all set.
App-specific passwords provide an additional layer of security by allowing you to keep your real iCloud password private. You can revoke a password from a runaway application at any time through the same page that allows you to create them. Deleting the password will immediately cut off the application using it from accessing your account.
The full email from Apple is below and includes instructions for using the new app-specific password function. You can also read the new help document for more information.
Thank you for using two-step verification to protect your Apple ID and the data you store with iCloud.
This is a reminder that starting tomorrow, app-specific passwords will be required to access your iCloud data using third party apps such as Microsoft Outlook, Mozilla Thunderbird, or other mail, contacts, and calendar apps.
If you are currently signed in to a third party app using your primary Apple ID password, you will be signed out automatically when this change takes effect. You will need to generate an app-specific password and sign in again.
- To generate an app-specific password: Sign in to My Apple ID (https://appleid.apple.com)
- Go to Password & Security
- Click Generate App-Specific Password