My issue is now resolved. The third time I called Marriott, I finally got them to submit a ticket to escalate. Somebody emailed me with this information from their files.
"I have done some research to see if I can find a way to fix your issue and came across this in our files:- Member must wait four days to request a new code after changing their email address or phone number.
The screenshot is exactly what I needed to be able to search for an answer. This is a new security feature on accounts as we have found where emails are changed or phone numbers changed and then the account stolen from. It is the extra layer of security."
This morning, on the fifth day after being locked out, I could log in normally. I just turned the 2FA off. I normally have it on for accounts, but this ordeal makes me feel like my account will be more secure if I use good online security practices (cycle passwords, password generated with password generator, etc.) rather than run the risk of getting locked out of my account for five days because I put the same cell number that has been on my account since it was created on a booking. Marriott not having a "trust this device" cookie was frustrating enough.