If you're an iPhone or iPad user (and who isn't?), you probably use iCloud. If you use iCloud, you probably (and should!) use Find My iPhone. If you use iCloud, you probably also use it to sync your email, calendars, contacts, and photos between devices. Maybe even Documents and Data too.
If you use iCloud for any (or all) of the features above, you need to protect your iCloud account — and the Apple ID behind it — with all the tools at your disposal. After all, you don't want someone else reading your email or browsing your contacts and photos. Just ask Wired senior writer Mat Honan, who was victimized in an epic hack enabled by compromising his Apple ID and Amazon accounts.
Obviously, you need to use strong passwords (and never recycle them on multiple sites) but this is exponentially more important for the email service that you use for password recovery. The reason is simple: If a hacker gets access to your primary email account, it's trivial for them to wrest control of your bank and financial accounts simply by clicking on the "forgot my password" link and answering the resulting emails.
If you use an Apple email account (@mac.com, @me.com, @icloud.com) as your primary email account, there's an important step you need to take to protect your account. And you should enable it right now.
It's a brilliantly simple security concept that requires two "factors" in authenticating your identification to an online service: 1) something you know (like a password), and 2) something you have in your possession (typically, your smartphone). When enabled, the site you're attempting to access will require your password and a one-time-use PIN that it sends to your smartphone via text or push notification.
It works like this:
Go to the My Apple ID page
Select "Manage your Apple ID" and sign in
Select "Password and Security"
Under Two-Step Verification, select Get Started and follow the onscreen instructions.
From here, you'll be asked to strengthen your existing password, and, in an interesting extra piece of security, you'll need to wait three days before it's enabled. According to Apple, this is done to ensure that all of your registered email accounts are notified so that someone else doesn't turn on two-step on your behalf — making it even harder to recover a compromised account.
Luckily, Apple's implementation isn't too onerous. After enabling two-step verification for your Apple ID, you will need to enter both your password and a four-digit verification code any time you sign in to manage your Apple ID at My Apple ID or make an iTunes, App Store, or iBookstore purchase from a new device.
More information can be found in the Apple knowledgebase article: Frequently asked questions about two-step verification for Apple ID.
Do you use multi-factor verification on your Apple ID? Anywhere else?