The option is currently available only to users based in the US, UK, Australia, Ireland, and New Zealand, and is definitely an improvement over the previous additional protection mechanism that included security questions.
Users can set up the feature in the "Password and Security" settings in their Apple accounts, and will be required to add (if they haven't already) the number of the phone(s) to which Apple will be sending the verification code.
They will also be given a recovery key to use in case they lose the device or forget their password, and are advised not to store it on the device or computer in case they are compromised.
Apple has also decided to prevent their support personnel falling for social engineering attacks such as those that led to the unfortunate compromise and trashing of Mat Honan's Twitter, Google and iCloud accounts by making it impossible for anyone but the account owner to reset their password, manage their trusted devices, or create a new recovery key once 2-step verification is turned on.
"You must be responsible for remembering your password, keeping your trusted devices physically secure, and keeping your Recovery Key in a safe place," the Apple FAQ page additionally warns. "If you lose access to two of these three items at the same time, you could be locked out of your Apple ID account permanently."
Reading our newsletter every Monday will keep you up-to-date with security news.
Receive a daily digest of the latest security news.