What is not mentioned is that you should protect your code signing certificate with "strong private key protection". To do that, you have to export your current code signing certificate as a PFX file with the private key and then import it back (this can be done on the same computer), ticking the "strong private key protection" check box in the import options as shown in the picture below. At the end of the import process you will get an additional prompt to enter the password used to protect your private key. Obviously, if you plan on protecting your private key with a password, it's a good idea to NOT mark it as exportable...
Here is the password prompt for the private key protection.
Now each time you try to use this certificate, you will be prompted to enter this password.
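A scripted equivalent of the export and re-import steps above, as an added example that is not from the original post. It assumes the certificate sits in the current user's Personal store; `<THUMBPRINT>` and the temporary PFX path are placeholders, and `UserProtected` is the .NET key storage flag that corresponds to the "strong private key protection" check box.

```powershell
# Added example: re-import a code signing certificate with strong private key
# protection and a non-exportable key. Values below are placeholders/assumptions.
$ErrorActionPreference = 'Stop'
$thumbprint  = '<THUMBPRINT>'                                   # placeholder
$pfxPath     = Join-Path $env:TEMP 'codesign-reimport.pfx'      # assumed temp path
$pfxPassword = Read-Host -AsSecureString 'Temporary PFX password'

# 1. Export the certificate with its private key.
#    This only works while the existing key is still marked exportable.
$old = Get-Item "Cert:\CurrentUser\My\$thumbprint"
Export-PfxCertificate -Cert $old -FilePath $pfxPath -Password $pfxPassword | Out-Null

try {
    # 2. Load the PFX back with strong protection.
    #    UserProtected : Windows prompts to set the key protection password.
    #    PersistKeySet : the key survives after this object is disposed.
    #    Exportable is deliberately NOT set, so the new key cannot be exported.
    $flags = [System.Security.Cryptography.X509Certificates.X509KeyStorageFlags]'UserKeySet, PersistKeySet, UserProtected'
    $new = [System.Security.Cryptography.X509Certificates.X509Certificate2]::new(
        $pfxPath, $pfxPassword, $flags)

    # 3. Replace the store entry so it points at the newly protected key.
    $store = [System.Security.Cryptography.X509Certificates.X509Store]::new(
        [System.Security.Cryptography.X509Certificates.StoreName]::My,
        [System.Security.Cryptography.X509Certificates.StoreLocation]::CurrentUser)
    $store.Open([System.Security.Cryptography.X509Certificates.OpenFlags]::ReadWrite)
    try {
        $store.Remove($old)
        $store.Add($new)
    }
    finally {
        $store.Close()
    }
    Write-Host "Re-imported $($new.Subject); has private key: $($new.HasPrivateKey)"
}
finally {
    # The PFX still contains an unprotected-by-prompt copy of the key; do not leave it on disk.
    Remove-Item $pfxPath -Force
}
```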