Right, iCloud and Apple and my friend being socially hacked out of his Apple account was actually what prompted me to write this series of posts regarding enabling Two Factor Authentication wherever you can, whenever you can.
Just like the Dropbox instructions though, Apple has done a pretty good job of documenting it all, both in how it works and how you go about changing things, yourself. It would be silly of me to re-hash it here, and much more logical to send you to the correct Apple information page about it.
Remember the risks
Just to re-iterate how important this is, imagine what a person who isn’t you could do with your account if they could log in as you. Not only could they lock you out of all your iOS/OSX devices, but they would also be able to see lots of personal information about you, including address, payment options (incl the last 4 numbers of your credit card) etc.
I repeat: they could also lock you out of any and all iOS/OSX devices you own. I don’t know about you, but for me that would be pretty horrific.
Enabling Two Factor Authentication, or in Apples case, 2-step verification would remove those risks almost completely. Only if they have your details and one of your trusted devices will they be able to access your account.