App-specific passwords allow you to sign in to your account securely when you use apps that don’t natively support two-step verification or two-factor authentication. There has been quite a bit of conjecture on the internet that very soon, any non Apple application that access iCloud data, like Microsoft Outlook, and specifically Windows machines accessing iCloud information will be required to use an application specific password.
Before creating app-specific passwords, two-factor authentication must be enabled for your Apple ID. As of iOS 10.3 and later, two-factor authentication is automatically setup for new Apple ID accounts. iOS 10.3 also auto-prompts existing accounts to upgrade. This makes sense as apple has been pushing people to use two-factor authentication now in many ways.
To make an app-specific password, do the following:
- Sign in to your Apple ID account page at https://appleid.apple.com
- In the Security section, click Generate Password below App-Specific Passwords.
- Fill in a name for the password you are creating so you can remove it if you desire later
- A dialog will come up and show you the password that was generated
- After you generate your app-specific password, enter or paste it into the password field of the app as you would normally.
You can have up to 25 active app-specific passwords at any given time. If you need to, you can revoke passwords individually or all at once.
If you want to revoke one of these application specific passwords, in the security section of your applied management page, click on edit. Then under App specific passwords, click View History. You will be shown a list of all the application specific passwords you have used. Click on the one you want to remove and click to remove it.
Get used to this because tighter security is coming to an iCloud account near you very soon.