Apple has released a new security document detailing the use of app-specific passwords for third-party apps in iCloud. A feature of two-step verification, the passwords will be required to sign in to iCloud when using third-party apps starting on Oct.
1. The passwords will allow for secure sign-ins, and ensure that third-party apps aren’t collecting or storing your primary Apple ID password.
App-specific passwords can be generated and managed from the My Apple ID page. When the primary Apple ID password is changed or reset, all of the app-specific passwords will be revoked automatically, and new app-specific passwords will be required.