Google's 2FA doesn't require a phone. Use a USB token, use a secondary email, or use a single recovery code and leave the account logged in in a separate browser used only for GPM.
Only one of those is sort of an option for me. USB tokens = disallowed. Accessing personal email at work = disallowed. Using a single recovery code is a possibility, but I would have to rotate through them constantly (see other comments in this thread).