A while back, I enabled two-factor authentication to a number of my accounts following Mat Honan’s terrible hacking story.*
This morning I noticed that, without any fanfare, Apple has extended that preference to the iCloud.com website portal …
… so that to log in to iCloud, I need to have one of my ‘trusted devices’. (Well, given the Snowden/NSA revelations, ‘trusted device’ is a relative term now, surely?)
Apple sends a four-digit verification code which is entered and voila!
Anyway, that’s a good step.
I highly recommend you enable two-factor authentication on your key accounts. It’s a small inconvenience with a huge potential pay-off in terms of security.