does anyone feel BT's "security" for modifying calling plans and calling features is woefully inadequate?
Phone number and postcode aren't exactly hard to find, many of them are in the phone book after all, and you may also know the phone number and postcode of people you don't like very much, or you might just do it to random people for the hell of it. Some people are crazy like that.
So the extent of this "security" is a tick box saying "I confirm I am the account holder" which is frankly laughable.
Rectifying an unauthorised change in calling plan or features is a minor inconvenience for the account holder at the very least, quite possibly involving refund requests and the loss of legacy call packages. People do stuff online just because they can, you have to assume that.
It seems to me that this order system was introduced in a time before "My BT" came into existence, so crazy ideas like passwords were never introduced. About time, BT?