In addition to officially rolling out two-step verification for iCloud, Apple has just announced that it’s set to soon require app-specific passwords for apps that connect with its cloud storage service.
As announced by Apple in an email to iCloud users and on a newly posted support page on its website, app-specific passwords will be required when signing in to iCloud-connected third-party apps starting at the beginning of next month:
If you use iCloud with any third party apps, such as Microsoft Outlook, Mozilla Thunderbird, or BusyCal, you can generate app-specific passwords that allow you to sign in securely, even if the app you’re using doesn’t support two-step verification. Using an app-specific password also ensures that your primary Apple ID password isn’t collected or stored by any third party apps you might use. Starting on October 1, 2014, app-specific passwords will be required to sign in to iCloud using any third party apps.
To generate an app-specific password for signing in to iCloud within a third-party app, follow the instructions on Apple’s support page. Just like a normal password, the generated app-specific password is to be entered or pasted into the app’s password field.
You can have up to 25 active app-specific passwords at a time. If necessary, you can revoke passwords individually or all at once by following the steps on the support page.
App-specific passwords have long been offered by other companies, including Google and Yahoo. Their implementation for iCloud is apparently prompted by the recent nude celebrity photo leak, which has mainly thrown the security of the service into question.
In response to the issue, Apple CEO Tim Cook said that, while iCloud was actually not breached during the incident, Apple would be initiating additional layers of security for iCloud.