In his complaint that it's not secure, he's totally correct - but the account she had in plaintext in front of her is not the same as his online (and bank? Yegads...) account password.
However, the insecurity of the Billing Code is actually worse than his website account password, as anyone could call up, figure out the 5-digit code (they've given me hints before), and change his service, request billing info mailed, etc. And good luck getting any service changed with the (more secure? Who knows...) site account password (although you do have access to billing records, which could be more valuable).
However, the insecurity of the Billing Code is actually worse than his website account password, as anyone could call up, figure out the 5-digit code (they've given me hints before), and change his service, request billing info mailed, etc. And good luck getting any service changed with the (more secure? Who knows...) site account password (although you do have access to billing records, which could be more valuable).