Then why are you not using POP or IMAP with a separate password? What are they going to do with the auth code when they don't have your original password?
I'm not trying to defend their stupid choice of offering option #2, but rather trying to offer a solution to your current problem.
If my phone becomes unavailable (eg lost/ stolen/ dropped in a toilet) then I need a backup option to login. The backup options Google provides are:
* Use a backup code
* Use a backup phone number
* None of the above, I still need help!
1. The backup codes are suggested to be printed and stored in a wallet; however you can put them anywhere you like.
2. The backup phone number can be somebody else's number. Your best friend, your partner, whatever.
3. If you still can't get a backup code, the third option is to go through Google's support team and recovery process. Selecting this option results in an advisory message stating the process could take from 3 to 5 days.
I guess that's fair, but since it seems like that's how it got gamed, they should definitely be more strict and send only to your primary or backup number.
I'm not trying to defend their stupid choice of offering option #2, but rather trying to offer a solution to your current problem.