1. Get a hardware token
2. Install a TOTP desktop client
3. Only use the phone for 2FA
4. You understand the spirit of the exercise and don't get bogged down by silly rules.