Application specific passwords are set to become a mandatory requirement for third-party apps that access iCloud user data, according to an Apple Support email — as noted by MacRumors. Here’s the email:
“Beginning on 15 June, app-specific passwords will be required to access your iCloud data using third-party apps such as Microsoft Outlook, Mozilla Thunderbird, or other mail, contacts and calendar services not provided by Apple.
“If you are already signed in to a third-party app using your primary Apple ID password, you will be signed out automatically when this change takes effect.”
Presently, application specific passwords are used to allow non-native apps like email clients to sign in to iCloud accounts that are protected by two-factor authentication. The security measure ensures that users can still link up their iCloud account to apps and services not provided by Apple, while also avoiding the need to disclose their Apple ID password to third parties.