Wondering about the requirement.....
I understand the problem(s) regarding not having a cell phone in order to authenticate access/sign-in.
However, you do not really want to have any sort of authentication be "automatic" where access could be granted and you may know nothing about what has transpired: Someone accessed your account and was automatically authenticated, gained access, then had the proverbial "keys to the kingdom".
Perhaps I am missing something here or otherwise misunderstanding the questions.
Still feel that I would be remiss if I do not at least "say something".... No harm, no foul.