Can you elaborate on this problem? I checked the various processes for retrieving a password and, although I agree 2 factor authentication would improve security, it doesn't seem to me that "Anyone that knows your email address can log into your account, select the option that they forgot their email password, and then change your password." Below is a screen snapshot showing that a password reset link will be sent to the associated email address. The other methods of retrieving account information require your Cox PIN or the last 4 digits of your SS #. What am I missing?
About 10 years ago Cox began using SSL/TLS for email accounts — before then I had lots of problems with email addresses being spoofed. Since then I have had very few problems with my Cox email accounts.