Published: May 20, 2013
Updated: June 24, 2014
The following is a list of know issues.
A user can have multiple Application Passwords which increases the surface area for theft. Since the passwords are hard to remember, it might encourage people to write it down. Only one factor authentication is required to login with Application Passwords. Microsoft does not recommend writing down the password. If the password needs to be copied it is recommended that the copy password to clipboard feature is used.
Apps which cache passwords and use it in on premise scenarios might start failing since the Application Password will not be known outside the OrgId.
Client Access Control feature on AD FS will not apply if federated users use App Password.