I recently read some hacks about using SMS or the last 4 digits to gain access to carrier's support and port the number somewhere else. They do this so they can reset passwords to bank accounts, gmail, paypal, ebay, amazon, twitter and any other account you access with your phone. Really, your phone is the gateway to almost everything you do online.
To prevent this type of hack, companies like T-Mobile MUST implement a Two-Factor authentication system to prevent this type of hack. A two factor system is something I know (A Password, last 4 of SSN) and something I have (RSA Physical FOB or Google Authenticator app).
If T-Mobile is listening, implementing a real two factor system for CALL IN REQUESTS to support. This will almost stop any hacking to accounts that have this type of system setup for authentication.
This type of system is in use by Gmail, Amazon, Ebay, Paypal and many other systems that are truly trying to stop hacking of accounts.
Obviously, you should have a 6+ digit login on your phone so if your phone is lost, it's hard to gain access. but if a Two-Factor system is setup so a representative I call can ask me for my second factor, I have to have the authentication device available to make changes to my account.
Google Authenticator is available for FREE and can be installed, setup and used immediately for anyone that wants to use it and the company (future T-Mobile or bank) they are trying to gain access to is using.
Here is some reading material about a recent hack related to this and Verizon:
T-Mobile, please listen and implement this for your customers
Member since 1999