O2

It's all fluff and bluster from Tim Cook, essentially just spin to take the heat away from him and Apple for a while.

Two-factor authentication DOES NOT apply to iCloud backups.

iCloud backups can be installed on new devices with only an Apple ID and password. The use of two factor-authentication technology does have a role in iCloud but only when it comes to signing in to "My Apple ID" to manage an account; or when making iTunes, App Store, or iBookstore purchases from a new device or (lastly) getting Apple ID-related support from Apple. If you have the username and password for an account, you could set up iCloud syncing on another device and receive all stored iCloud content (pictures, email messages, contacts, etc.) without being required to use Two Step Verification

Security vendor Checkpoint have stated: "After a hacker has obtained the appropriate iCloud username and password for a person, they can use tools like (edited) to recover data from the three revisions of iCloud backups – which can include content that the user thought was deleted."

So Apple have decided it would be a good idea to send users an email when someone signs into your iCloud account:

http://www.imore.com/apple-sends-email-notifications-when-users-sign-icloudcom

Am I the only one to think that this doesn't really help at all? Someone is already signed into your account by this point and is likely already taking all your backups and data off onto their own machine. It would be far better to apply two-factor authentication to iCloud backups like they do when making a purchase on a new device.

Sorry Apple, but it's not enough!