My dad worked in telecom for a baby bell and they had 2FA fobs since at least 2004 (probably earlier but I didn’t see it until then). He wasn’t even in a consumer facing company, they made equipment for other companies. If they could implement this 20 years ago, there’s no excuse for Tmobile today.