If you use iCloud for email, calendar events, or contacts with any apps other than those made by Apple, and you haven’t upgraded the security on your account to use two-factor authentication (2FA), syncing and other interaction will fail starting June 15. That’s when Apple imposes a new security requirement that requires unique passwords for all third-party software that works with iCloud accounts. That includes apps like BusyContacts, Fantastical, and Thunderbird, to name a few of hundreds, as well as online services that sync with iCloud or retrieve email.
I mentioned this in an article last week. Apple’s two-factor authentication is problematic, and as Glenn Fleishman points out at Macworld, it’s not that secure. In fact, it’s probably less secure, at least as far as third-party apps are considered.
Glenn mentions that John Chaffee of BusyMac, developer of BusyCal and BusyContacts, “has been trying to get attention for this problem for some time.” Chaffee says, ““My guess is that 99 percent of users have no clue about app-specific passwords and Apple does very little to help them figure it out. The vast majority of our tech support requests are from users who are unable to connect to iCloud and have no idea why.”
Indeed. Users of third-party apps will be flummoxed, and many will blindly go turn on two-factor authentication and encounter problems that will lock them out of their iCloud accounts, if they do anything slightly wrong. But beyond that, I think that many people will stop using third-party apps; I’m thinking of doing so. Even though I think that Apple’s Calendar is inferior to the many third-party calendar apps for macOS and iOS, I’m not prepared to again enter the two-factor labyrinth, that was such a disaster the first time I tried it.
And Apple points out that, this time, if you turn on two-factor authentication, you cannot turn it off. I think this is going to be a disaster for many users, and for developers of third-party apps that need access to iCloud data.