Even if your password is impossible to guess, if it does fall into the wrong hands, your account could be vulnerable. For that reason it is a good idea to set up two-factor authentication. Once you have this system in place a hacker would need more than your username and password to access your account, they would also need to have access to your iPhone to access a security code.
How two-factor authentication works
Once you log in with your Apple ID, you're sent a single-use security code, often as a text message, and you have to enter that too, to access your account. So if someone tries to log in with your password, but they don't also have physical access to your phone to get that second security code, they can't log in. Read: How to choose a safe password and keep your data secure
How can I set up two-factor authentication
Start by switching on two-factor authentication for your iCloud account. You will need to log in to your iCloud account at icloud.com. Then click on your name in the top right corner and open Account Settings. Next click on your Apple ID to be taken to the My Apple ID page.
Next click on Manage Your Apple ID and sign in
Open the Password and Security link. Answer the security questions and click Continue.
You will be prompted to answer some questions. Hopefully you will be better at this than we were as we’d forgotten the answers. When you set this up the first time you must make sure that you have good answers to your security questions - not answers anyone could easily guess.
Next click on the Get Started button. Supply the phone number of a phone where you can receive SMS messages - Apple is going to send you a code via SMS.
Verify your phone number
The next screen you will see is the Verify Phone Number screen. An SMS containing a four digit code should have appeared on your iPhone. Enter that code in the Verification Code boxes. Read: Are Macs safe from viruses and hackers
When you click Continue you will see a Verification Key. This can be used to unlock your account if you don’t have the iPhone you’ve just registered handy. Keep this key somewhere safe.
When will I receive a verification code
Whenever you log in to iCloud.com to manage your account, make a purchase from a new device, get Apple ID-related support, or use one an Apple’s app at iCloud.com, Apple will send a verification code to the phone you registered to check that you are the person using the service.