App-specific passwords are set to become a mandatory requirement for third-party apps that access iCloud user data, according to an Apple Support email sent out today.
Currently, app-specific passwords are used to allow non-native apps like email clients to sign in to iCloud accounts that are protected by two-factor authentication. The security measure ensures that users can still link up their iCloud account to apps and services not provided by Apple, while also avoiding the need to disclose their Apple ID password to third parties.
However, app-specific passwords will become a basic requirement from June 15, according to Apple. The policy change basically means that users who want to continue using third-party apps with their iCloud account will have to enable two-factor authentication and generate individual passwords for each app.
"Beginning on 15 June, app-specific passwords will be required to access your iCloud data using third-party apps such as Microsoft Outlook, Mozilla Thunderbird, or other mail, contacts and calendar services not provided by Apple.
Two-factor authentication ensures that you're the only person who can access your Apple account, even if someone knows your password. To turn it on from any iOS device running iOS 10.3 or later, open the Settings app, tap your name at the top, and then tap Password & Security.
If you're using iOS 10.2 or earlier, you can enable it from Settings -> iCloud -> Apple ID -> Password & Security. If you're on a Mac, go to System Preferences -> iCloud -> Account Details, click Security, and enable two-factor authentication from there.
To generate an app-specific password, sign into your Apple ID account page (https://appleid.apple.com), go to App-Specific Passwords under Security, and click Generate Password.
Source: macrumors