
2FA is OK, but:

1. You need to have several code generators that are initialized with the same secret. I actually have one on all of my computers; it's just a couple of Python lines. Well, a smart human attacker could probably find my generator on the computer, reducing it to 1FA. But the risk of a smart human attacker spending hours to analyze the contents of my computer (using full disk encryption) is smaller than me forgetting, losing, or breaking my phone.

2. Google does not allow you to set up 2FA without a phone. That's part of their "the customer is the product" thinking. It eliminates privacy and is a risk to your data when your phone number changes.
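The "couple of Python lines" the commenter mentions is a TOTP generator (RFC 6238: HOTP from RFC 4226 driven by a time-step counter). The block below is an added example, not the commenter's own script, showing the full algorithm with the standard library only, the unpadded base32 secret format that authenticator apps use, and a verifier with a clock-skew window and constant-time comparison. The test vectors (ASCII secret "12345678901234567890", SHA-1, 8 digits) are the ones published in RFC 6238; everything else, including the `verify_totp` helper and its `window` parameter, is this example's own construction.

```python
import base64
import hashlib
import hmac
import struct
import time


def hotp(key: bytes, counter: int, digits: int = 6, algo=hashlib.sha1) -> str:
    """RFC 4226 HOTP: HMAC(key, counter) -> dynamic truncation -> decimal code."""
    msg = struct.pack(">Q", counter)                     # 8-byte big-endian counter
    mac = hmac.new(key, msg, algo).digest()
    offset = mac[-1] & 0x0F                              # low nibble of last byte picks the window
    code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % (10 ** digits)).zfill(digits)      # keep leading zeros


def totp(key: bytes, at: int, step: int = 30, digits: int = 6, algo=hashlib.sha1) -> str:
    """RFC 6238 TOTP: HOTP with counter = floor(unix_time / step)."""
    return hotp(key, at // step, digits, algo)


def decode_base32_secret(secret: str) -> bytes:
    """Authenticator apps and otpauth:// URIs carry the shared secret as unpadded base32."""
    s = secret.strip().replace(" ", "").upper()
    s += "=" * (-len(s) % 8)                             # restore padding the apps strip
    return base64.b32decode(s)


def verify_totp(key: bytes, submitted: str, at: int, window: int = 1,
                step: int = 30, digits: int = 6) -> bool:
    """Server-side check (constructed helper): accept the code for the current step
    or any step within +/- `window`, to tolerate clock skew between the two parties.
    Every candidate is compared, so timing does not reveal which step matched.
    A real verifier must additionally reject a counter it has already accepted,
    or an observed code can be replayed within the window."""
    counter = at // step
    ok = False
    for delta in range(-window, window + 1):
        ok |= hmac.compare_digest(hotp(key, counter + delta, digits), submitted)
    return ok


if __name__ == "__main__":
    # Whoever holds this secret can produce every future code: the "second factor"
    # is only as separate as the place this secret is stored.
    secret = decode_base32_secret("GEZDGNBVGY3TQOJQGEZDGNBVGY3TQOJQ")
    print(totp(secret, int(time.time())))
```

`hotp` is the whole generator; the desktop copy, the phone app, and the server all agree only because they share `secret` and a clock, which is the point the commenter makes about a second device holding the same secret.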



KeePassXC supports TOTP, so you could have it on your desktop in an encrypted database.



