Two-Factor Authentication
One of the hardest things to do on the Internet is protect your information. The most common way to do this is to employ a username and password scheme. While this technique can, and does, work, it is often not the most secure. There are techniques to employ a T-N-O, or "Trust No One", security model. However, for most users this is a bit too cumbersome to set up and maintain. There is a somewhat "happy" medium. It's called "Two-Factor Authentication".
The basic username and password scheme is only one factor. It is considered one factor because the username, and possibly an email address, are typically viewable to all users of the site that you are using. Two-factor authentication is where you add an additional "factor", or method, for authenticating. A password is "something you know", and when you enable two-factor authentication, the second factor is almost always "something you have". This second factor can be a key fob or, very commonly, a phone. The device With some services, this can be done either by app or by an SMS message.
The reason one would enable two-factor authentication is to protect their information. When two-factor authentication is enabled, anyone who does manage to obtain your username and password would still need that "something you have" object to be able to complete the login. There are many services that are now offering two-factor authentication for logins. Some of these include Microsoft's Live.com service (including Hotmail and Xbox logins on the web), Google, Apple, and many, many more.
In case you have missed it, there were many celebrities who had their iCloud backups retrieved by users. While Apple had previously allowed users to enable two-factor authentication, it did not extend to their backup service, iCloud.com. Apple's two-factor authentication now extends to iCloud.com logins as well. Those who stole the pictures were able to retrieve the photos from the celebrities' iCloud backups.
Those who stole the pictures were able to access the information by resetting the user's password, and were able to easily guess the user's "security questions" because the answers to the questions are information that is easy to locate, given that they are individuals who are more easily recognized and are higher profile. Now, after you have enabled two-factor authentication for iCloud, you will be required to enter a code sent to you via one of the mechanisms that you registered. When somebody does log in to your iCloud account on a non-recognized browser or device, you will receive an email stating so. If they are able to successfully log in, then it is time to change your password, and deregister any devices that you may have and re-register them.
Enabling two-factor authentication will add a bit more complexity when you log in. However, given the benefits, it is well worth the cost of having a slightly more annoying login process.