The good news is that Apple has reinstated iForgot which means that the flaw has been repaired. The flaw had allowed someone to use a modified URL while answering the date of birth question on the iForgot page. This tricked the service into thinking that you had logged in properly and allowed the hacker to reset your password to gain control of the account, just knowing your birthdate and email address. Since this account is used to make purchases on the App Store, iBookstore and iTunes, the potential to have expensive purchases sent to someone else using your credit card was very high.
With the extermination of the flaw that caused the problem with iForgot, late Friday, Apple even added a way for users to get an extra layer of security by offering users a two-step verification process that requires you to verify your identity using one of your devices before signing in to My Apple ID to manage your account, before making a purchase on iTunes, the Apple App Store, or iBookstore using a new device, or before getting Apple ID related support from Apple. The advantage to opting for the two-step verification is that it raises the degree of safety and makes it harder for someone to access your account to make Apple ID related changes or to make unauthorized purchases. If you've opted in for the two step verification process, when you log in with your Apple ID# and password to make a purchase on iTunes (as an example), a 4 digit verification number is sent to a trusted device you own. That number will have to be entered in order to complete the log in.
Despite the apparent corrections and fixes made by Apple, using the two step verification process will offer more security. Yes, it is more time consuming, but imagine if your identity had been lifted. And the only time you need to enter both your password and 4-digit verification number will be when signing on to your Apple ID account, or when logging in to iTunes, the App Store or iBookstore from a new device. Sounds like a good trade-off; more protection for just a little extra hassle.
source: Apple, TheVerge via Pocketlint
The two-step verification process adds another layer of safety