“Apple has offer enhanced security for iCloud accounts for some time now: first two-step verification, then more robust two-factor authentication,” Kirk McElhearn writes for Intego. “Apple is now planning to tighten up this security, requiring that third-party apps that access your iCloud data need special authorization from June 15.”
“Apple recently sent emails to iCloud users who do not have either two-step verification or two-factor authentication on their iCloud accounts. Apple’s email said: ‘Beginning on June 15, app-specific passwords will be required to access your iCloud data using third‑party apps such as Microsoft Outlook, Mozilla Thunderbird, or other mail, contacts, and calendar services not provided by Apple,'” McElhearn writes. “If you simply use Apple’s apps — Mail, Calendar, or Contacts — then you won’t have to change anything.”
“And if you already use Apple’s two-step verification or two-factor authentication, then nothing will change,” McElhearn writes. “But if not, you may need to initiate a complex process to continue accessing your iCloud data from your apps.”
Read more in the full article here.
MacDailyNews Take: No pain, no gain.
Easy instructions for setting up two-factor authentication for your Apple ID can be found here.
I’m all for security, but this might be overkill or punishment for users of third party apps.
While I’ve used two-factor authentication since it was first offered, I can tell you that a great many Mac users are going to be VERY confused as to why their programs/email accounts that “use to just work” no longer do. This move will be sure to raise the ire of 3rd party software vendors who, increasingly, are the companies making usable software for the Mac (as Apple’s own application software becomes increasingly worthless).
Indeed, over the last few years I’ve seen many Mac users (especially elderly users) becoming increasingly frustrated with the COMPLEXITY of the macOS and Apple software. Simple things are no longer simple. For example when user options are hidden and only revealed if you hover your mouse in the right space (e.g., Mail program to download and save all attachments).
For hardware I can admire many aspects of minimalism, but for the operating system user clarity and ease of use needs to be paramount. Excessive security is virtually as bad as no security.
“many Mac users (especially elderly users) becoming increasingly frustrated with the COMPLEXITY of the macOS and Apple software”
Agree wholeheartedly. Most at issue is the advent of hidden features, with no visible buttons or HTML markup. It leaves elderly people and young children completely befuddled, when they were not before. I feel the crew at Apple has caved to the Droid format designed to appeal to gamers in order to be cool and it is now as user unfriendly as it gets. I have a hard time believing Jobs would have tolerated some of the latest OS changes.
It’s not just elderly or juvenile users. If you don’t expose functionality visually in the GUI, it might as well not be there. I’ve been using the mac since 1986 and consider myself computer literate and I had no idea there was a save all attachments feature.
What if user only has an iPhone and that is it?
So hot want your Apple accounts and IDs protected or don’t you?
What’s the problem? Apps will still be usable, just access your Apple ID online, create an app-specific password, and you’re done. Simple! Stop complaining!
For those with only a device – head over to your nearest Apple Store and access your account there.
Simple!
I am all for the change. And I am thankful that Apple does not send its 2FA code via the very insecure SMS system. SMS is a security joke.
I agree about the complexity, especially for the elderly. 2 factor authentication is a pain in the ass. I turned it off. It seemed like the second I turned it on, Apple was forever asking for my Apple ID and password and my phone was never with me. Always in some other room. I’ve got elderly clients who forget their passwords. OFTEN.
Then do your job better and set up Keychain to save their passwords.
Don’t know much about keychain, do you? Like even the simplest thing, as in how do you use keychain if you cannot enter the system? Or ever try to get an encrypted password out of keychain?
It doesn’t ask for it constantly. Once a device is trusted, it no longer requires the passcode. A browser window is the only place you should be prompted for it regularly. For your people who forget passwords, it’s actually easier to change your password with 2-Factor. It’s just the initial setup that is more difficult. Once it’s all done you shouldn’t notice it’s there at all.
In practice, this is not the case. I’m talking a week later at seemingly random points, devices would force authentication.
Then there is something wrong with either the account or the device in question. I personally have 3 different apple ids setup across several devices and provide IT for my extended family. All of them use 2 Factor and we do not have that problem. I have never actually gotten a single call from any of them about it once I set it up for them. For plenty of other things but not that. 🙂 So, In Practice, it SHOULD be that way.
I would suggest that you contact AppleCare and get it fixed rather than avoiding it.
Oh BTW keychain in safari can be accessed with touch id.
Followed instructions for app-specific password (Thunderbird) to access icloud – worked once then never again. Simple solution for me is to delete icloud account and go back to gmail. Two-step overkill, Apple forcing users to use its lame Mail app. Pass – easier to kill icloud acct
I use their current two-step verification. Yeah, it’s a little bit of an inconvenience, but worth it. Now, their next level shouldn’t be that different for me since I use the Apple Apps. But I don’t understand why they had to make it a pain in the ass for third parties. You’d think they could provide an API to make it easier to integrate. But, I guess it’s because they can’t trust the security model of those companies and their apps and want to mitigate the issue by walling them off into their own secure connection. Still, I hope they provide an easy to implement API for third party apps to make integrating two factor easy and consistent.
I use their current two-step verification. Yeah, it’s a little bit of an inconvenience, but worth it. Now, their next level shouldn’t be that different for me since I use the Apple Apps. But I don’t understand why they had to make it a pain in the ass for third parties. You’d think they could provide an API to make it easier to integrate. But, I guess it’s because they can’t trust the security model of those companies and their apps and want to mitigate the issue by walling them off into their own secure connection. Still, I hope they provide an easy to implement API for third party apps to make integrating two factor easy and consistent.