So, the first step is to create a very difficult to guess password-one made up of letters, numbers, and characters. (And no, p@ssw0rd isn't going to cut it.)
Two-factor authentication-a scheme where you're asked to confirm certain interactions with Apple on a trusted device-can be helpful for changes to your Apple ID or for verifying purchases from Apple's online stores. However, two-factor authentication doesn't do you any good when someone has glommed onto your password and then accesses your photos as this isn't the kind of interaction that triggers an alert to your trusted device. TUAW's Michael Rose provides the details.
That doesn't mean that two-factor authentication is useless. If someone attempts to change your password you'll be glad you have it switched on. Our own Dan Miller provides the steps for doing exactly that in his How to Set Up Two-Factor Authentication for iCloud.
Updated 9/2/14 to provide details about the effectiveness of two-factor authentication for protecting your images.
Sign up for CIO Asia eNewsletters.