Great. Now that we've succeeded in compiling a list of personal sad stories to one-up one another, why not discuss how we could encourage the banks / phone companies to make this situation impossible.
1) Ban SMS as a second factor for high risk targets like banks.
2) Telecom companies should require social security number or uniquely identifying information to provide account access.
> 1) Ban SMS as a second factor for high risk targets like banks.
As others have pointed out, if it were just a second factor they would also need your password. SMS is being used for full account recovery, so as a single factor.
> 2) Telecom companies should require social security number
This is exactly what we should not be doing. I would like it to be harder to steal my identity than getting a 9-digit number, which can never be rotated, and which I am required to provide in plaintext to many different people in many different situations (renting an apartment, opening a credit card, etc.).
To make matters even worse, up to the first 5 digits of an SSN can be easily guessed if you know the person's age and birthplace, and the last 4 digits are used even more haphazardly than the entire number is (e.g. sometimes the last 4 are displayed in plaintext on a website while the first 5 are starred out).
Some kind of cryptographic challenge-response system might be a good solution, but I don't know how to get your average computer user and customer support rep to use a system like that. All the ones I can think of are designed for computers to talk to each other, so they aren't very user friendly. Is there something like Kerberos but for humans?
As I have commented elsewhere on this article, there are other countries which require and record ID for every phone number and SIM. I see this as more of a control issue (from the Government perspective), since it won't be used by customer service staff for security.
1) Ban SMS as a second factor for high risk targets like banks.
2) Telecom companies should require social security number or uniquely identifying information to provide account access.
3) ???