How to Generate, Manage and Protect iCloud's App-Specific Passwords

More and more physical services we use are becoming digital. We no longer need to pay a visit to a video rental shop whenever we want to spend a Friday evening on a couch watching a good movie, we do not need to drive to our bank branch to perform financial transactions, and we can do our grocery shopping without even stepping outside of our house. Time is money, they say, and online services surely help to save it. Unfortunately, the changing world has put some heavy burden on people's shoulders as well. Specialists say that a contemporary person has too many passwords to remember. According to a study conducted by Microsoft Research back in 2007, the average user had 25 accounts requiring passwords and 6.5 unique passwords to remember back then, but the total number of passwords users have to recall has increased with the rapid growth of services that go online. It is believed that the average user will have up to 200 online accounts demanding authentication by 2020, which is quite shocking, to say the least.

It will take some time for biometric authentication to become the primary authentication method, but we cannot let ourselves stop using online services till then, so we have no other choice but to accept the existing order and try our best to remember passwords that unlock services we use every day. These include social media accounts, Internet banking, productivity tools, various utilities, and online shops. Some people have more passwords than others, users of iOS devices in particular. Those users also have to manage the so-called app-specific passwords if they use third-party apps/services. They were introduced by Apple on June 15, 2017. At that time, all users were automatically signed out of third-party services linked to Apple ID and asked to generate app-specific passwords for them. This innovation was considered a huge inconvenience at first, but the company explained that it is a big step towards improving user privacy. Generally speaking, it is considered an extra layer of security.

App-specific passwords? Nope, never heard of these

So what is an app-specific password? The main purpose of app-specific passwords is to keep users' private data locked down with a deadbolt and protected with a body guard. No matter how secure the password you set for any online account you use is, a small risk that cybercriminals will hack it and then easily access your private information remains. The same can happen to your Apple ID account. Inevitably, the chances of being hacked doubles if the Apple ID credentials are used to log into third-party apps/services. These include calendar, contact, mail, and many other services that require entering Apple ID to access the data stored on iCloud. This is where app-specific passwords come in handy. They enable users to use third-party apps/services without revealing their Apple ID credentials, which might surely help to prevent the exposure to a cyber attack. Since the third-party app/service cannot access/store the user's Apple ID login details, hackers hiding behind untrustworthy apps/services could not use the provided details to gain access to the Apple ID account and then access private information. A brief definition that can be found on the Official Apple Support page goes like this: "app-specific passwords maintain a high level of security and help ensure your Apple ID password won't be collected or stored by any third-party apps you use."

How do I start using app-specific passwords?

If you have purchased your first iOS device, it is very likely that you do not know anything about app-specific passwords and have no idea how to generate them. Since we have already provided a substantial amount of information about these passwords in the paragraph above, let's focus on how to generate app-specific passwords.

First of all, you have to set up two-factor authentication for your Apple ID account before you can use instructions on how to generate an app-specific password. Here's how you can do that on your iPhone, iPad, or iPod touch:

How to turn on two-factor authentication

iOS 10.3 and later

1. Access Settings > [Your name] > Password & Security.
2. Tap Turn On Two-Factor Authentication.
3. Tap Continue and follow the on-screen instructions.

iOS 10.2 and earlier

1. Access Settings > iCloud.
2. Tap Apple ID.
3. Go to Password & Security.
4. Tap Turn On Two-Factor Authentication.
5. Tap Continue.
6. Follow the on-screen instructions.

N.B Be prepared to answer your Apple ID security questions.

Once two-factor authentication is turned on, you can generate an app-specific password. Then, you could enter the generated password into the password field of the application you use normally.

How to generate an app-specific password

1. Sign in to your account on the Apple ID account page.
2. Access the Security section.
3. Below App-Specific Passwords, click Generate Password.
4. Follow the steps on the screen.

Apple allows having up to 25 app-specific passwords at one time. If there is a password you no longer use, you should simply revoke it. Consequently, you will be signed out of your account. You could start using the app/service again only after you generate a new password and sign in. It should be emphasized that all your passwords will be revoked the second you change your Apple ID password.

How to manage app-specific passwords

1. Go to Apple ID account page.
2. Sign in using your Apple ID and password.
3. Under Security, click Edit.
4. Click View History under App Specific Passwords.
5. Click X next to a password you wish to get rid of (alternatively, tap Revoke All).

No doubt it will not be easy to hack your Apple ID account with enabled two-factor authentication; however, we still recommend that you take certain security measures to make sure no one but you can access your accounts using the generated app-specific passwords. First, make sure your Apple ID account is immune to hackers by setting a secure password for it. You can use Cyclonis Password Manager to generate a strong password automatically. Also, never leave your phone unattended so that unauthorized people could not overcome two-factor authentication and then log into your account. As for app-specific passwords, you are not allowed to share them with other people – they are for your eyes only. Once you have generated an app-specific password, enter it into the password field of the app/service you are about to use and forget it. Writing passwords down is never a good idea. Of course, app-specific passwords are single-use, i.e., they can be used to log into the account only once, but there is still a risk that hackers will access your account before you if they get their hands on the generated password and stars align in their favor.