Starting June 15th 2017 Apple will make the use of app specific passwords for iCloud mandatory. What is an app specific password? An app specific password is a unique password that can be generated from within iCloud so you can then use that password to login to iCloud from a 3rd party (non-Apple) app. The most common use for these app specific passwords is 3rd party email apps and 3rd party calendar apps. These are apps that are not created by Apple but require access to your iCloud account in order to present you your email and/or calendar. It used to be that you could just enter your regular iCloud password into these 3rd party apps and you would be able to gain access to your iCloud data. But starting June 15th Apple is implementing additional security protocols that will no longer allow you to use your regular iCloud password unless you are using it with a native Apple app. The Mac Observer has a short article explaining the details and David Sparks made a video for the folks at Fantastical 2 showing us all how to do this:
Between my wife and I we have 3 or 4 different credit monitoring services protecting our identities. Over the past year we have had several of the companies we correspond with be extremely irresponsible with our data and allow hackers to gain access to their systems. As a result, we have been given all of these credit monitoring services (lucky us). The other day I got an email from one of these services saying that my Apple ID credentials were found on a very nefarious site...meaning that somehow my Apple ID account login information had been compromised. Except I really wasn't worried.
I enable 2-factor authentication on every sensitive account I have that gives me the option to do so. That means that even if someone had somehow gained access to my Apple ID username and password they couldn't gain access to my account without physical access to my 2nd method of authentication (typically this is your phone and they text you a verification code that you must enter along with your password). In addition to 2-factor authentication I also have a unique password for all of my accounts, so I didn't have to worry about any of my other accounts being compromised. I quickly changed my password to my Apple ID and that was that.
I bring all of this up because I realize that a lot of people out there still re-use the same password for all of their accounts and don't use a secure method of storing their passwords. The Wirecutter just wrote up a great piece on the importance of using a password manager that is definitely worth a read. I am also working on a post for GeekDad on the new subscription service called 1Password for families that is a great solution for families to manage their passwords, so stay tuned for that. Be safe out there folks...