Most important Apple security-related article I've read

Christina Warren has written what is probably the most important Apple security-related article I can remember reading: "How I Hacked My Own iCloud Account, for Just $200".

There is a lot of meat in this article but I want to point out two things. First, Christina reminds us that even if you have a strong password, there are many ways to grab or nullify that

Cubrilovic lists them in order of popularity and effectiveness:
    1. Password reset (secret questions / answers)
    2. Phishing email
    3. Password recovery (email account hacked)
    4. Social engineering / RAT install / authentication keys

But having recently activated Apple's two-factor authentication, I was still feeling smug. Then Christina springs the trap.

As we've mentioned before, Apple's two-factor implementation does not protect your data, it only protects your payment information.

Wait?! What?

Yes, if you have two-factor authentication enabled, the password reset process for an account can be greatly impeded (you need to provide a special one-off key before you can reset a password), but assuming someone can get your password anyway using any number of phishing or remote-access methods, two-factor verification is absolutely not required for accessing an iCloud backup.

Indeed. I immediately looked at Apple's FAQ on the topic, "Frequently asked questions about two-step verification for Apple ID", and it states:

It requires you to verify your identity using one of your devices before you can take any of these actions:
    * Sign in to My Apple ID to manage your account
    * Make an iTunes, App Store, or iBooks Store purchase from a new device
    * Get Apple ID related support from Apple

So Apple's 2FA is only focused on purchases and account management. It is not used to protect your data.

Given Apple's push for users to use iCloud for many more things in iOS 8 and OS X Yosemite, I believe Apple needs to put some serious resources behind protecting your data too.

(UPDATE: Apple appears to be taking some good steps in the right direction on this topic: "Tim Cook Says Apple to Add Security Alerts for iCloud Users")