[MlMt] iCloud accounts require an app specific password starting June 15th

[Rob Willett]

I don’t normally post in this group as I tend to listen.

A little word of caution for using 2FA if you are an Apple Developer. We 
found that a number of low level Apple features that have been automated 
stop working if 2FA is turned on. For us we found that auto generation 
and management of Apple Push Certificates through third party vendors 
stopped working. I will agree that this is a little esoteric and 
probably out of scope for 99.9% of the readers here, but it took us (and 
PushWoosh) some hours to track down this issue and resolve it by turning 
off 2FA. if anybody has ever had to manually issue certificates for 
Apple Push Notifications, all the associate ‘paperwork’ and manage 
them through a third party supplier, you will know what an utter 
nightmare it can be. Google is simple, Apple is horrible (IMHO), We 
happily turned off 2FA to avoid using the nightmare that is Apple 
certificate management. Indeed we’d happily jump to Googles systems if 
we could dump Apples notification servers :)

I have heard of other developers having similar types of issues with 2FA 
as we do things at a lower level and the tools can be a little, errr, 
rustic in nature. For 99% of users they don’t have a problem, though 
after saying that my other half struggles to understand it and use it 
for her Mac stuff. I can see why Apple do it.

I’ll go back to lurking now.

Rob

On 16 May 2017, at 20:31, Steven M. Bellovin wrote:

> On 16 May 2017, at 14:35, Benny Kjær Nielsen wrote:
>
>> On 16 May 2017, at 18:12, Brian LaFreda wrote:
>>
>>> MailMate does work with Apple’s app specific passwords, just 
>>> don’t use the FQDN’d email address for username. Truncate the 
>>> @me/mac/icloud.com and you’re good to go.
>>
>> I don't know if app specific passwords trigger this to be important 
>> (it's a bit weird), but I think it actually correlates with some of 
>> the user feedback I've had in the past.
>>
>> In any case, it's documented by Apple 
>> [here](https://support.apple.com/en-us/HT202304). It does sound a bit 
>> like they don't really know themselves what's going on: “Username: 
>> This is usually the name part of your iCloud email address (for 
>> example, emilyparker, not emilyparker at icloud.com). If your email 
>> client can't connect to iCloud using just the name part of your 
>> iCloud email address, try using the full address.”
>>
>> It gets even weirder when reading the instructions for the SMTP 
>> username: “Username: Your full iCloud email address (for example, 
>> emilyparker at icloud.com, not emilyparker)”
>>
>> But as the developer of something as idiosyncratic as MailMate I 
>> really should not be the one to point fingers :)
>
> I will note that I turned on 2FA long ago, and I've had zero trouble 
> with MailMate and its app-specific password.  You set it up once; 
> after that, it just works.
>
>         --Steve Bellovin, https://www.cs.columbia.edu/~smb
>
> _______________________________________________
> mailmate mailing list
> mailmate at lists.freron.com
> https://lists.freron.com/listinfo/mailmate