I don't get Apple's password based security at all. The stupid question/answer thing they forced everyone to do was just crazy.
You have a physical device in your possession. Apple don't seem to have heard about two factor auth. If the only company on the planet that obsessively ties consumer hardware and software into a single cohesive product can't get their shit together the future worries me.
It should be the default (with an opt out for access from non-apple devices) for every Apple service to authenticate with the device as well as the password. Anyone who steals your Apple login but not your phone should have zero chance of accessing your data.
Except the article seems to be saying that Apple's two-factor auth isn't required to access iCloud backups and that it only protects account details, payment methods, etc.
You have a physical device in your possession. Apple don't seem to have heard about two factor auth. If the only company on the planet that obsessively ties consumer hardware and software into a single cohesive product can't get their shit together the future worries me.
It should be the default (with an opt out for access from non-apple devices) for every Apple service to authenticate with the device as well as the password. Anyone who steals your Apple login but not your phone should have zero chance of accessing your data.