Enabling 2FA should stop this from happening. Adding TOTP as your 2nd factor would require adding a recovery number, but maybe you can remove it after. I have accounts that has TOTP 2FA w/o recovery number, but perhaps they were grandfathered in.

Alternatively, use a physical token as the 2nd factor, then no recovery number is required.