Mail App Spark with Two-factor authentication

Question

Spidey1010 Author

Level 1

4 points

Mail App Spark with Two-factor authentication

Hallo everybody,

in the last few days I recognized the app Spar (from readdle), which is a mail app for iOS.

Works fine and looks great, but there is one thing that bothers me:

The app stores the email account's access token.

So, if you use e.g. Gmail there is a special OAuth token.

I'm using iCloud Mail with Two-factor authentication. To use the app I had to generate a special pasword on myappleid.com.

Is that the same as a OAuth token?

So my question is:

Is there a security-problem, when using Two-factor authentication?

Is there a way, that my Apple ID access token (username and real pasword) can be stolen form the server of spark?

Thanks.

iPhone 6, iOS 9.3.1

Posted on Apr 6, 2016 11:54 PM

Reply

Answer 1

norm123

Community Specialist

Apr 8, 2016 11:02 AM in response to Spidey1010

Hey Spidey1010,
I understand that you have some questions regarding security of your Apple ID and an app-specific password. I would say that they are inline with each other so that you are not providing your specific password for your Apple ID.
As far as security is concerned, it is a good idea to have as it adds another level of protection for your Apple ID and devices. Dealing with an app-specific password, that will allow apps that do not support two-step or two-factor authentication access to features of iCloud like email in your specific case. The password generated would not allow you to login to your Apple ID to make changes to your account. You will have the option to revoke that password at anytime and if you reset your Apple ID password, those passwords get revoked as well. Take a look at the article below for more details.
Two-factor authentication for Apple ID
https://support.apple.com/en-us/HT204915
Using app-specific passwords
https://support.apple.com/en-us/HT204397
Take it easy

Reply