Apple ID 2-Factor Authentication and 3rd Party App-Specific Passwords
Page 1 of 1
Apple ID 2-Factor Authentication and 3rd Party App-Specific Passwords
On June 15 Apple began enforcing App-Specific Passwords for 3rd party apps that access iCloud data. Most notably this would apply to calendar data and email data from non-Apple apps. The idea here, as I understand it, is Apple does not want these 3rd party apps to have your Apple ID. Google does something similar with it's 2-Factor Authentication.
Apple has had 2-Factor Authentication for several years now, but its use has been strictly voluntary. With the requirements for 3rd party apps one will have to turn on 2FA, then provide app-specific passwords for those apps accessing iCloud data. If you aren't getting prompted for these app-specific passwords, you probably don't need to concern yourself with this, although it would still be a good idea to protect your Apple ID with 2FA.
Here are some links to help you navigate this process.
https://support.apple.com/en-us/HT204397
https://www.imore.com/how-generate-app-specific-passwords-iphone-ipad-mac
It's always a trade-off between convenience and security, but given the increasing number of threats these days, we have to tilt toward security.
-Bill
Apple has had 2-Factor Authentication for several years now, but its use has been strictly voluntary. With the requirements for 3rd party apps one will have to turn on 2FA, then provide app-specific passwords for those apps accessing iCloud data. If you aren't getting prompted for these app-specific passwords, you probably don't need to concern yourself with this, although it would still be a good idea to protect your Apple ID with 2FA.
Here are some links to help you navigate this process.
https://support.apple.com/en-us/HT204397
https://www.imore.com/how-generate-app-specific-passwords-iphone-ipad-mac
It's always a trade-off between convenience and security, but given the increasing number of threats these days, we have to tilt toward security.
-Bill
What is 2 Factor Authentication?
For those who may not be familiar with what 2 Factor Authentication is, it's an extra level of security for those sites that offer it. Basically we already have an ID and a password, which would be a single factor, but if someone were to learn these as a result, say, of a phishing scheme, malware, or hack, you're pretty much out of luck. 2 Factor Authentication adds something else to the mix such as an OTP One Time Password or time code that a bad buy is less likely to have access to. So in the case of an OTP, the site will send you a text with a 5 or 6 digit code that you must enter in addition to the credentials you have already entered, i.e., ID and password. These codes are only active for a short period of time and if it either does not reach you or you fail to enter it, that's the end of the logon procedure.
Numerous sites offer such multi-factor authentication. Gmail, Amazon, DropBox, Yahoo, and many others offer such enhanced authentication. It's one more step, but it's a good trade-off. Apple has used a form of this for a couple of years now, but I only turned it on when the requirement for 3rd party app passwords came into effect. It's quit simple and well worth doing given all the security threats out there.
-Bill
Numerous sites offer such multi-factor authentication. Gmail, Amazon, DropBox, Yahoo, and many others offer such enhanced authentication. It's one more step, but it's a good trade-off. Apple has used a form of this for a couple of years now, but I only turned it on when the requirement for 3rd party app passwords came into effect. It's quit simple and well worth doing given all the security threats out there.
-Bill
One More Thing ...
One more thing of note should you decide to create app-specific passwords. Copy and save those passwords somewhere, in your password manager if you are using one such as LastPass or 1Password, because you could be re-prompted for those passwords down the road. I would have thought that once provided, I would not have to use them again, but I have been prompted a couple of times to re-enter them. There is an option to save it to your MacOS Keychain, but that doesn't help you on your iOS devices. Otherwise you will just end up generating a new app-specific password. It could be a real pain. You can have up to 25 app-specific passwords.
If you go into your iCloud account using your web browser, you can review or revoke any app-specific password, but you are not able to view just what that password is. Live and learn.
-Bill
If you go into your iCloud account using your web browser, you can review or revoke any app-specific password, but you are not able to view just what that password is. Live and learn.
-Bill
Similar topics
» Apple News+: Is It Worth the monthly fee? - Apple Insider
» Look, Ma, No More Passwords - Steve Gibson
» Apple Fan Boy/Girl
» What's This about Apple TV?
» Has Apple Gotten Too Big for its Britches?
» Look, Ma, No More Passwords - Steve Gibson
» Apple Fan Boy/Girl
» What's This about Apple TV?
» Has Apple Gotten Too Big for its Britches?
Page 1 of 1
Permissions in this forum:
You cannot reply to topics in this forum