There are no other options. This is even more stupid than the phone number verification thing. Attemping to logging to Google Play Store on that wiped device (which previously was logged in to the account) doesn’t work either.
Luckily, this is a throwaway account, not much data of value was lost. FRP on the wiped device was also off.
But like, what is the point of this. Suppose, my phone got stolen. How am I supposed to log in to Google to initiate a remote wipe, if it ask for a verification code which is on the phone that the thief has?
Zero logic at all. 🤦♂️
Edit: And MFA was never enabled. Just to clarify.
You should enable MFA yes. But it’s definitely not reasonable to expect a forced half-assed version of MFA that keeps changing when you DON’T enable MFA. OP should have migrated the account before wiping the phone but this behavior was not caused by them.