Apple iCloud Now Requires App-Specific Passwords

Part of what we do at Cronofy is deal with the authorization challenges presented by the different calendar service providers. We handle this on behalf of our customers so that they can focus on building the differentiating value in their applications.

Apple now requires app-specific passwords to be used when connecting iCloud calendars to third-party applications like Cronofy.

App-specific passwords are a way of allowing users to segment access to their data between applications and easily identify those connections. Each application is given its own designated password which is auto-generated by the vendor’s security tool. This is only entered once.

If the user no longer wants that application to have access to their data, all they need to do is invalidate the password. All other applications will continue to operate as normal because they use a different password.

Apple has provided a support article to explain how to do this for your iCloud account.

In truth this is a bit cumbersome and can be a confusing for customers. It doesn’t have the simplicity of the authorization flow that companies like Google use called OAuth2. But it is better than storing your master account password with a service.

At Cronofy we’ve supported this option for a while and have recently updated our sign-up flow so that it now actively encourages new users authorizing access to their iCloud calendars to set up an app-specific password. We also contacted all of our customers to notify them of this change and worked with them to manage this transition, either on their behalf or by supporting them as they needed.

If you want to find out more, we tracked our activity on this as an incident on our status page.

And of course, if you’re a customer and have any questions about this please don’t hesitate to contact our support team.