There are no other options. This is even more stupid than the phone number verification thing. Attemping to logging to Google Play Store on that wiped device (which previously was logged in to the account) doesn’t work either.
Luckily, this is a throwaway account, not much data of value was lost. FRP on the wiped device was also off.
But like, what is the point of this. Suppose, my phone got stolen. How am I supposed to log in to Google to initiate a remote wipe, if it ask for a verification code which is on the phone that the thief has?
Zero logic at all. 🤦♂️
Edit: And MFA was never enabled. Just to clarify.
A web browser is not a computer. A phone is not a desktop computer. Google (and most other large companies) keep many features restricted to their full websites, not mobile apps and mobile versions of their sites. For those who are used to/grew up with smartphones, tablets, and chromebooks, these tactics help to make it harder to leave their ecosystems as they aren’t used to navigating desktop environments.
(Chromebooks do give desktop versions of websites by default, but they have helped reduce technological literacy in exchange for convenience)