Tesla has recently added "PIN to drive" in a software update. That was in fact added to help prevent thefts that have been using amplification of the fob signal, but would also help stop social engineering attacks. Tesla has a newer fob coming, including as an option for the Model 3, but the PIN will help in the meantime.
Tesla added the PIN to drive capability to the Model S (MS) because early examples of the MS used a key fob that only used 40 bit encryption. This was inadequate as hackers proved they could generate all possible key code combinations just by intercepting two key fob transmissions between the fob and the MS. Later Model S, X use a more robust key fob encryption scheme.
The Model 3 is due to get a key fob based on owner feedback, the key card not being a satisfactory alternative to a fob.
It is possible that all vehicles with key fobs for entry and push button start may be able to be hacked using a key fob signal amplifier and repeater. In that case two factor authentication using a PIN to drive feature may become the standard for vehicle security.
Recently a neighbors Toyota Tundra truck was stolen. The truck had the remote key fob feature but not push button start. The owner stated that they had locked the truck on the day it was stolen. For the thief or thieves to be able to unlock and steal the truck they must have had a duplicate key or a master key.