See link about 2FA 

https://www.bt.com/help/security/two-step-authentication

Use the BTWifi app and you only need to enter your log on details once and the app will do it there after.

See link re BTWifi security

https://www.btwifi.co.uk/help/security/

EDIT: see also this link and in particular

"BT Wi-fi uses sophisticated 128-bit public key encryption during login to protect transfer of your data. Account traffic is encrypted and your account is password protected".

https://www.btwifi.com/includes/components/connection-help/broadband.jsp

Thanks for the links. That definitely helps, although the system is still really insecure by default.

However, having tried to activate 2fa, I now seem so have reached a dead end where all the options are greyed out. (Tried it on two different devices with the same result).

Any ideas how to progress beyond this screen?

All Public Wifi Hotspots are "insecure".  If they were secure they would not be Public Hotspots. What is secure however is your log on details when you are logging on.

You should practice good security when using a public hotspot by ensuring your sharing features are turned off on your devices. You do not send any private and personal details over the Internet. Do not use any bank accounts etc and if possible use a VPN.

As regards setting up 2FA. It may be because you are using MyBT on a mobile device. I used a laptop and web browser to set it up. I found setting it up no problem and on checking just now I can edit it with out issue and all works in the way I would expect it to.  

Try using a web browser in "desktop" mode to see if it lets you set it up.

@gg30340 I know the hotspot itself is unsecured, and I do understand why. Nevertheless, some public hotspots at least send the password as a hash, but the one I'm using seems  to send it as plain text. (I can't check right now because I'm not on site, but I did query the source code and it appears to send a plain text 'post' request with the username and password in it. You can replicate it with a one-line cURL command).

As for actually using the hotspot,  I encrypt everything over Tailscale and send it via my home network, so no worries there!

I should just add, the hotspot I'm using is not a regular btwifi hotspot - it's a site-specific 'partnership' one. Maybe it's a different setup to a truly public one? Either way, I couldn't see any evidence of password encryption. 

If you are concerned after having read through the links I posted including the one about your username and password being encrypted when you log on,  I would suggest that to allay your fears that you stop using BTWifi and any other public hotspots and perhaps consider using your mobile phone and if need be set that up as your own personal hotspot so that you can connect a laptop or other device to that.

Ok, I've made sense of it now, having had another look at the login page.

The initial 'welcome' page uses http, but the credentials are passed by https from a different page accessible by a link, and are therefore encrypted.

Thanks for the useful links!