This is important!
Your Apple ID isn’t just for your Contacts and Calendar in iCloud, it holds your personal and credit card information. It also allows purchasing content from iTunes. If someone with malicious intent gets your password changed, then you could be facing a lot of trouble and inconvenience.
Two-factor authentication offers real protection against this threat. It uses something you know (but that a thief can get) and something you have (most thieves won’t be able to get both). So please consider implementing this for your own Apple ID account.
Rather than create a mediocre guide, I’m linking to perfection. iMore offers a terrific step-by-step guide to implement this solid level of protection. iMore is a great resource for Apple rumors and tutorials.
* One important thing missing from the iMore guide is that Apple mandates a waiting period of 3 days to complete the process. This allows time for Apple to send messages to email addresses on your account. This is good just in case it’s not you implementing the Two-Step Verification.