Of course, there are plenty of other ways to break into an account, including using easily discoverable personal information to socially engineer tech support reps and get a password reset done on the fly. To combat this and other bad behaviors, Apple (along with other online giants like Google, Dropbox, etc.) has built out an optional two-factor authentication scheme (2FA) for iCloud. Simply turn it on, register your iOS devices, and you’ll be shielded from hacks and phishing attempts.
Unfortunately, Apple’s 2FA protection doesn’t go as far as you might think. I noticed yesterday that our friend and former colleague Christina Warren’s post at Mashable gave extra credit to 2FA:
If [two-factor auth is] enabled, this means that before a new computer or device can gain access to your iCloud data, you must approve that device with a four-digit authentication code (sent to your phone via SMS) or grant access from another enabled machine.
Advice for all is to visit the Apple ID page, where you can update/change your password and security questions and add optional 2-step verification.
Pro tip: Make sure your password and security answers cannot be guessed by someone viewing your social network profiles and seeing your likes/achievements/hobbies/family, etc. That’s how they are typically guessed/hacked.