On March 21st, Apple made two-factor authentication available for certain devices running iOS 9.3 or MacOS X El Capitan.
Now, let me save you some time.
If you are following the instructions, but not seeing 2FA available in your iCloud security settings, you probably have two-step verification already enabled.
In order to configure 2FA, you will have to disable two-step verification from one of your devices. This will require you to provide some inane ‘security question’ answers, but don’t worry – you won’t use them a single time.
One other note – if you’re signing into a MacOS X device with your iCloud credential, that goes away as well. You will be required to set a new local password that will be used to gain access if you cannot access your 2FA device(s). This may be a challenge for centrally managed environments, and could violate one of more of your internal policies. So please ask your IT department before doing this on a company-owned or managed device.
Once you’ve disabled two-step verification, you can follow the instructions linked above to configure 2FA. It’s pretty slick!