Apple 'rolled out' 2-factor authentication a long long time ago. My Apple ID has been secured this way for ages.
More pertinently, and topically, is that Apple are being more reactive now when someone logs in via a device like a Windows PC. They're starting to send e-mail notifications when this happens.
They've also now introduced a means on your account of devising a clutch of app-specific passwords for third party apps that do not support 2FA. Which, they say, will be "required" come 1 October 2014.