Outlook and Two-Step Verification for iCloud

I was investigating how I can improve the security of my iCloud account.

You mentioned that Outlook.com and Gmail accounts can be protected with Two-Step Verification.

Can I do the same for my iCloud account in Outlook?

iCloud Secure buttonApple also offers support for Two-Step Verification for iCloud when you have it enabled for your Apple ID.

If you haven’t enabled it already, enabling Two-Step Authentication for your Apple ID and iCloud is a good thing.

However, enabling it means that you need to generate an App Password for use in Outlook as Outlook does not (yet) provide native support for iCloud’s Two-Step Verification. As an alternative, you can reconfigure Outlook via the iCloud application.

Step 1: Enable Two-Step Verification

First, enable Two-Step Verification for your Apple ID account:

  1. Logon to the Apple ID website. This can be done by visiting:
    https://appleid.apple.com
  2. In the section on the left, scroll down to: Security.
  3. On the bottom right, you’ll see a section about Two-Step Verification.
    Click on the “Get Started…” link.

    Apple ID - Manage your security settings - Two-Step Verification

    • Also note the sections “Security Questions” and “Select your birth date”. This is actually quite a security hole since most of the answers can be easily obtained from social media these days (and that is actually how the iCloud accounts of celebrities got compromised).
      If you do not want to enable Two-step Verification or if you are in a geographic location for which Apple hasn’t implemented it, you might be off best with a very complex code word. This can also be a long string (at least 16 characters) of random characters. Enabling Two-step Verification will turn off this recovery method and you’ll get a Recovery Key instead.

  4. Read the provided explanation and instructions and click on Continue.

    Two-step verification for Apple ID overview

  5. If you hadn’t already, you’ll now need to configure the phone number of at least 1 trusted device which can receive SMS messages. This can be any phone and doesn’t have to be an iPhone. You’ll receive a verification code via SMS which you’ll need to fill out on the website.

    Apple ID - Two-Step Verification - Verify Phone Number

  6. When you do have an iPhone, iPad or iPod, you can now verify your trusted devices on which you can receive verification codes without the use of SMS.

  7. You’ll get a Recovery Key which you’ll need to keep secure as that will be your last recovery method instead of the “Security Questions” or in case you are unable to receive an SMS message.

    Apple ID - Two-Step Verification - Recovery Key

  8. Confirm your Recovery Key.
  9. Accept the conditions and click on the button: Enable two-step Verification
  10. You’ll get a confirmation that Two-Step verification now has been enabled for your Apple ID.

    Apple ID - Two-Step Verification - Enabled

Note: Depending on your recent account mutations, you might need to wait 3 days before you can complete the process of enabling Two-Step Verification. In that case, you can only complete the process until step 5. After these 3 days, you can restart the configuration process and complete the process.

Step 2: Reconfigure the iCloud Control Panel

Once Two-Step Verification is enabled, you’ll need to enter the verification code for the iCloud Control Panel as well. When you configure iCloud for the first time, you can simply login with your iCloud credentials and you’ll get prompted to enter the verification code.

You have the option to do this via a text message (SMS) to your configured phone or via the Recovery Key.

iCloud Control Panel Two-Step Verification prompt.
iCloud Control Panel Two-Step Verification prompt.

Option 1: Two-Step Verification via a text message on your phone (SMS).
Option 1: Two-Step Verification via a text message to your phone (SMS).

Option 2: Two-Step Verification via your Recovery Key.
Option 2: Two-Step Verification via your Recovery Key.

iCloud Control Panel
iCloud Control Panel connected to iCloud via Two-Step Verification.

Step 3: Generate an app-specific password for iCloud IMAP in Outlook

IMAP account buttonNow that you have enabled Two-Step Verification for your iCloud account, you could start getting Send/Receive errors and/or password prompts in Outlook when you also have your iCloud IMAP account configured in Outlook.

A way to solve this would be to remove the iCloud IMAP account from Outlook, close Outlook and then (re)start the iCloud Control Panel to reconfigure the iCloud IMAP account again in Outlook. The downside of this method is that your entire mailbox will need to be redownloaded (synchronized) again. The iCloud Control Panel will automatically generate and use a special “App-specific password” to be used with the IMAP account.

Another way to go would be to generate this special “App-specific password” for Outlook yourself. This is also required when you decide to configure the iCloud IMAP account manually in Outlook or in another mail application which isn’t controlled by the iCloud Control Panel (like the Mail app in Windows or on your phone).

You can no longer use your current iCloud password to configure an application which doesn’t natively support the Two-Step Verification method of Apple.

  1. On the account management page, in the Security section, you’ll now find a App-Specific-Passwords header where you can click on the “Generate Password…” link.

    Apple ID Security - Generate an app-specific password for iCloud.

  2. Enter a name to label this app-specific password to help you remember where you used it. For instance: Outlook.
    • Note: Even though you labeled it, once generated, you won’t be able to go back and look up the password. It is just to keep a history and make it easier to revoke the password when needed.
  3. Click the Generate button.
  4. Copy the obtained password code.

    Generated app password for iCloud Two-Step Verification.
    Note that the dashes are part of the app password.

  5. Go to Outlook and paste or type the obtained app password when being prompted for your password.
    You can also do it directly via your Account Settings.
    • Outlook 2007
      Tools-> Account Settings…-> double click on your iCloud account
    • Outlook 2010, Outlook 2013 and Outlook 2016 (msi)
      File-> Account Settings-> Account Settings…-> double click on your iCloud account
    • Microsoft 365, Outlook 2016 and Outlook 2019
      File-> Account Settings-> Account Settings…-> select your iCloud account-> button: Repair…-> you’ll get prompted to enter your password
  6. Once you’ve updated your password, Outlook will be able to connect to iCloud again with Two-Step Verification enabled for your account.