Apple ID 2-Factor Authentication and 3rd Party App-Specific Passwords


Post by bdahm on Sat Jun 17, 2017 11:28 am

On June 15 Apple began enforcing App-Specific Passwords for 3rd party apps that access iCloud data. Most notably this would apply to calendar data and email data from non-Apple apps. The idea here, as I understand it, is that Apple does not want these 3rd party apps to have your Apple ID. Google does something similar with its 2-Factor Authentication.

Apple has had 2-Factor Authentication for several years now, but its use has been strictly voluntary. With the requirements for 3rd party apps one will have to turn on 2FA, then provide app-specific passwords for those apps accessing iCloud data. If you aren't getting prompted for these app-specific passwords, you probably don't need to concern yourself with this, although it would still be a good idea to protect your Apple ID with 2FA. 

Here are some links to help you navigate this process.

https://support.apple.com/en-us/HT204397

https://www.imore.com/how-generate-app-specific-passwords-iphone-ipad-mac

It's always a trade-off between convenience and security, but given the increasing number of threats these days, we have to tilt toward security.

-Bill

bdahm
Admin

Posts : 437
Join date : 2009-05-15
Age : 74


What is 2 Factor Authentication?

Post by bdahm on Sun Jun 18, 2017 4:24 pm

For those who may not be familiar with what 2 Factor Authentication is, it's an extra level of security for those sites that offer it. Basically we already have an ID and a password, which would be a single factor, but if someone were to learn these as a result, say, of a phishing scheme, malware, or hack, you're pretty much out of luck. 2 Factor Authentication adds something else to the mix, such as an OTP (One Time Password) or time code that a bad guy is less likely to have access to. So in the case of an OTP, the site will send you a text with a 5 or 6 digit code that you must enter in addition to the credentials you have already entered, i.e., ID and password. These codes are only active for a short period of time, and if the code either does not reach you or you fail to enter it, that's the end of the logon procedure.

Numerous sites offer such multi-factor authentication. Gmail, Amazon, Dropbox, Yahoo, and many others offer such enhanced authentication. It's one more step, but it's a good trade-off. Apple has used a form of this for a couple of years now, but I only turned it on when the requirement for 3rd party app passwords came into effect. It's quite simple and well worth doing given all the security threats out there.

-Bill


One More Thing ...

Post by bdahm on Thu Jun 22, 2017 8:05 pm

One more thing of note should you decide to create app-specific passwords. Copy and save those passwords somewhere, in your password manager if you are using one such as LastPass or 1Password, because you could be re-prompted for those passwords down the road. I would have thought that once provided, I would not have to use them again, but I have been prompted a couple of times to re-enter them. There is an option to save it to your macOS Keychain, but that doesn't help you on your iOS devices. Otherwise you will just end up generating a new app-specific password. It could be a real pain. You can have up to 25 app-specific passwords.

If you go into your iCloud account using your web browser, you can review or revoke any app-specific password, but you are not able to view just what that password is. Live and learn.

-Bill
