Previewed at WWDC, launching in the fall.
Apple Expanding Two-Step Verification to iCloud.com
First noticed by AppleInsider, the two-factor verification system for iCloud.com requires users to enter a verification code sent via SMS or to a trusted iOS device before the iCloud.com versions of Mail, Contacts, Calendar, Reminders, Pages, Numbers, and Keynote can be used.
Previously, accessing these apps only required an Apple ID password, but now "Find My iPhone" is the only app that remains accessible without a two-factor verification code. Computers used to access iCloud.com have a "Remember This Browser" option, requiring a verification code to be entered only once.
Originally implemented back in March of 2013, two-factor verification is an opt-in system designed to increase Apple ID account security by requiring identity verification before allowing users to make account changes or purchase content on new devices. It replaces standard security questions with a security code delivered to a trusted device.
At this time, it is unknown if Apple is simply testing the feature with some users or working on a wider rollout for all iCloud.com users with two-factor verification enabled.
Update 3:30 PM PT: Apple appears to have disabled two-factor verification for some iCloud.com accounts that previously had access to the feature, suggesting it may have seen an accidental early launch.