Apple Makes Step Toward Requiring Two-Factor Authentication for iCloud

Apple is taking steps toward requiring all iCloud users to activate two-factor authentication. In an email sent to iCloud users, Apple says:

Beginning on June 15, app-specific passwords will be required to access your iCloud data using third‑party apps such as Microsoft Outlook, Mozilla Thunderbird, or other mail, contacts, and calendar services not provided by Apple.

If you are already signed in to a third‑party app using your primary Apple ID password, you will be signed out automatically when this change takes effect. You will need to generate an app-specific password and sign in again.

To generate an app-specific password, turn on two-factor authentication for your Apple ID and then follow the instructions below:

  • Sign in to your Apple ID account page (https://appleid.apple.com)
  • Go to App-Specific Passwords under Security
  • Click Generate Password

This means that in order to use any third-party application that accesses iCloud data, you will have no choice but to activate two-factor authentication. This method of protecting your iCloud data is more secure, but it can be problematic, not working, and even locking users out of their accounts.

It’s only a matter of time before Apple requires two-factor authentication for all iCloud users, which is a mistake. It is very hard to recover from problems when this arises, and it’s important to note that many Mac and iOS users don’t have access to free phone support with Apple. You have free support for a few months when you buy a device, but, unless you purchase an AppleCare contract, that support ends fairly quickly. And if you have an iOS device more than two years old, or a Mac that is more than three years old, your AppleCare contract will have expired.

And if you do get locked out, it may not be easy to get access to your account. Apple says:

If you can’t sign in, reset your password, or receive verification codes, you can request account recovery to regain access to your account. Account recovery is an automatic process designed to get you back in to your account as quickly as possible while denying access to anyone who might be pretending to be you. It might take a few days—or longer—depending on what specific account information you can provide to verify your identity.

It’s likely that you may need access to your account very quickly, and saying that it may take “a few days—or longer” is frankly scary.

There really is no need for Apple to impose this, especially on iOS, where the device itself is authenticated with iCloud, and that authentication is passed on to third-party apps. Apple is adding an unnecessary layer of complication to its operating systems. If you use Apple’s apps for iCloud data you have nothing to worry about, but if you prefer other calendar or contact apps, then you’ll be required to jump through hoops.