According to an Apple Support email sent out today, all native third-party apps for iPhone, iPad, Mac and other platforms will be required to use app-specific passwords to access user data stored in iCloud, not Apple ID credentials.
App-specific passwords went into effect in October 2014.
Back then, enabling two-step verification for Apple ID would turn on app-specific passwords for web-based apps and services. Starting on June 15, app-specific passwords will become a mandatory requirement for any native app that wishes to access user data in iCloud.
You can generate app passwords in the Password & Security section of the Apple ID website.
A password created for one app, like Outlook, doesn’t work in another app like Spark.
Come June 15, you’ll be automatically signed out of all apps that use your Apple ID credentials. As an example, if you set up Fantastical for Mac with your Apple ID to access your iCloud calendars, you’ll need to generate an app-specific password to continue accessing your iCloud calendars from within the app on and after June 15.
In simpler terms, you’ll be required to enable two-factor authentication for your Apple ID and generate individual passwords for each app after the cutoff date.
The change is platform-agnostic: if you use Windows 10’s Mail app to receive your iCloud data like contacts and calendars, you’ll need to create an app-specific password for it. This is for the sake of everyone’s security because signing into third-party apps with your primary Apple ID password may expose you to various attacks and hacking attempts.
To be clear, this only affects apps which access iCloud in a non-native way, which includes email clients like Outlook, Thunderbird and others. If an app has been updated to use iCloud Drive, it won’t need an app-specific password to access user data in iCloud.
Bottom line: Apple still lets you grant apps access to your iCloud data, but soon you’ll be able to do so in such a way that keeps your primary Apple ID password safe and secure.
Apple’s first-party apps are not affected by this change.