Another thing you can do without 2FA on a device that is already authenticated is generate an app-specific password, which is like a persistent backdoor to your account that degrades your security until you either revoke the ASP or change your main password (which automatically revokes all ASPs).