That's a false positive vs. false negative distinction too.
The GP is concerned that Tmobile allows hackers to impersonate you/your wife on the phone.
You're concerned that even after providing all possible account details - password, PIN, last four of her SSN, last bill amount, anything else they might want to ask that's not literally a live biometric scan - they can't distinguish the two of you just because you don't sound like a woman.
It's a pretty low bar. I think if you know SSN you are good to go to do anything at Tmo, including a number port. Which means phone as a 2fa is very easy to beat.
I was about to freak out, then I remembered that there's no ID in the US
I can't change anything about my phone without providing both a "Public" (Taxpayer Code: Doesn't change, commonly shared, also used as a state bank account number) and "Private" (Document number: changes per renovation, only shared for identification purposes) number
The GP is concerned that Tmobile allows hackers to impersonate you/your wife on the phone.
You're concerned that even after providing all possible account details - password, PIN, last four of her SSN, last bill amount, anything else they might want to ask that's not literally a live biometric scan - they can't distinguish the two of you just because you don't sound like a woman.
Perfection is unattainable.