I had an interesting experience during the volcano disruptions which showed how Phone Companies aren't doing joined up thinking on Security.
I was stranded without phone access on my Blackberry. I emailed Virgin Media from my pre-registered e-mail account to ask them to give me international access for my location. Their response was that for my safety & security they couldn't accept a plain
e-mail from me. They said I had to logon to the Virgin Media website and login to my BlackBerry account and e-mail them from therein.
Unfortunately I couldn't recall my password to access my Virgin Media account. So I asked them to e-mail me my Password.
They readily e-mailed me my Password in the clear, so it hadn't been stored hashed.
I then logged on, wasn't forced to do a password re-set, and I re-sent my original e-mail request, citing the same e-mail address. They then gave me the international access I needed so that I could make alternative arrangements with family & colleagues
in the UK, as I was going to return to UK some 7 days behind schedule. In practice it took 4 days to arrange all of the above.
Given their refusal to accept my initial request from my pre-registered e-mail address, but their willingness to send out my password in the clear, rather than force me to do a password re-set, it would suggest they don't have too much joined-up thinking.