Apple upped its account security for Apple IDs years ago to prevent unwanted and unauthorized third-party access to all your information. Apple relies on Apple ID across all its software and services, but third-party software can only gain access to three kinds of data: email, contacts, and events.
Apple requires web-connected and native mobile or desktop software—on iOS, Android, Windows, macOS, and others—that want to use any of those three kinds of data to use a special kind of access. You create a so-called app-specific password for each piece of software to which you want to grant access.
Google and other ecosystems offer a similar approach to reduce the opportunity for exploitation. Apple lets this password be used for email, contacts, and events; some other systems require you lock it down to one of those three services, or even to a task as specific as “retrieving email.”
