XML-RPC and Atom client setup
This is an archived entry from the Movable Type 3.2 beta test.
Entries from the current beta release (v3.3) can be found here.
For those of you who use an external blogging client or anything that uses Movable Type's XML-RPC or Atom APIs, you have to do one more step (detailed in the entry "Getting started with MT 3.2") after upgrading to get your clients working again:
- Log into MT
- Click on your username in the top navbar to go to your profile
- Scroll down to the bottom where you see "API Password"
- Input the password of your choice and save. For security reasons, it should be different from your normal password
- Use that password in your client software
Reason for the change
For those who care, I'll explain the reason behind the change. In the past, XML-RPC clients used your regular password and your Atom client used an encrypted version of your regular password (which formerly was displayed on your author profile in the same location). For various and sundry reasons mainly having to do with the protocols themselves, all communications between your client and Movable Type were sent in the clear.
What that meant is that in the unlikely event that someone "snooped on the line" (a man-in-the-middle attack), they could theoretically grab the password you used. In Atom's case, that mostly meant they could use the Atom API to access Movable Type and perform any function that Atom does (which is currently only a small percentage of the actions you can take from the admin UI). However, in the case of XML-RPC, where you sent your actual password in the clear, someone could gain access to your account. These are well-known problems with using these protocols on non-secure lines.
In order to provide you with extra security, we decoupled Atom and XML-RPC authentication from MT's normal authentication and gave you a field in your profile where you can easily change it as often as you like (always a good idea). This way, if anyone does happen to be listening on the lines, they only have a limited set of functions they can perform.
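To make the "sent in the clear" point concrete, here is an added example (not code from the original post or from Movable Type) that serializes a standard XML-RPC `metaWeblog.newPost` call the way a blogging client would and checks which secrets are visible verbatim in the request body before and after the switch to a separate API password. The credentials, blog id and post content are constructed sample values.

```python
import xmlrpc.client

# Constructed sample credentials; not real values.
ACCOUNT_PASSWORD = "my-login-secret"
API_PASSWORD = "separate-api-secret"


def build_newpost_request(username, password, blog_id="1",
                          title="Hello", body="Test post"):
    """Serialize a metaWeblog.newPost call exactly as an XML-RPC client
    would put it on the wire. Parameter order follows the metaWeblog API:
    blogid, username, password, struct, publish."""
    post = {"title": title, "description": body}
    return xmlrpc.client.dumps((blog_id, username, password, post, True),
                               methodname="metaWeblog.newPost")


def exposed_secrets(wire_body, secrets):
    """Return the names of the secrets that appear verbatim in the body,
    i.e. what a passive listener on a non-TLS connection could read."""
    return sorted(name for name, value in secrets.items() if value in wire_body)


def compare_exposure():
    """Before the change the client sent the account password; after it,
    only the dedicated API password crosses the wire."""
    secrets = {"account_password": ACCOUNT_PASSWORD,
               "api_password": API_PASSWORD}
    before = build_newpost_request("alice", ACCOUNT_PASSWORD)
    after = build_newpost_request("alice", API_PASSWORD)
    return {"before": exposed_secrets(before, secrets),
            "after": exposed_secrets(after, secrets)}


if __name__ == "__main__":
    print(build_newpost_request("alice", API_PASSWORD))
    print(compare_exposure())
```

Inspecting the printed body shows the password inside a plain `<string>` element; the comparison shows that with a dedicated API password, a snooped request no longer reveals the credential that unlocks the full admin UI.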
We apologize for the inconvenience any of you who stumbled across this issue may have experienced. Security is one of the highest priorities in every Movable Type release and our record reflects those efforts. Gotta keep the bad guys out and the good guys blogging, you know.
Posted on July 14, 2005 5:43 PM in Tips and tricks