Starting on June 15, Apple will require third-party apps that use iCloud to use app specific passwords that the user sets up. This also means that you must be using two-factor authentication for your Apple ID. Here’s what this means for you.
Apple’s latest move will greatly enhance security for customers. MacRumors received an email that spells it out:
Beginning on 15 June, app-specific passwords will be required to access your iCloud data using third-party apps such as Microsoft Outlook, Mozilla Thunderbird, or other mail, contacts and calendar services not provided by Apple.
If you are already signed in to a third-party app using your primary Apple ID password, you will be signed out automatically when this change takes effect. You will need to generate an app-specific password and sign in again.
If you are already using two-factor authentication, chances are you’ve also been using app specific passwords. When you set up a special password for an app such as an email client, it will be linked to your Apple ID without the app accessing your account password.
This will no doubt be an inconvenience to customers, and it will be a hassle to set up. But—and this is important—this measure will increase your overall security. This change won’t affect apps that use iCloud Drive. CloudKit already makes sure that each app has its own secure sandbox in your Drive.