So it's been 14 months since 2FA was first offered as an option to some people. Unwise to accept, it seems, because there isn't a way to change it later.

One of my family has 2FA, the others don't. We'd like all our family accounts protected, but there seems to be no option on the new-look BA website to set up 2FA.

Astonishingly (and in defiance of the most basic cybersecurity principle) there does not even seem to be an option on the website to change password. You can change your email address, but not your password. You have to google for a link somewhere else on the net, click on that, and (bizarrely) wait "up to 15 minutes" for a change-password email. That has a link in it, which just dumps you on the home page unless you are logged in. All super messy.

Furthermore, logging in and out continues to produce bizarre results. Sometimes you aren't really logged out. Sometimes logging in as someone else gets your login, sometimes theirs. Sometimes logging in works but then you are presented with another old-design screen asking you to log in again.

I really worry about the security of this website. It does not seem to be in safe hands.

Last year I tried to report the problems with logged-out accounts still remaining logged in. There is no cybersecurity contact address. Other addresses ignored my issue.