
Wait, is the Authy App SMS based as well? I thought it just used a clock sync to generate the keys like GA does? I could be totally wrong as I haven't set it up, but that's what I gathered from reading their site and downloading their app?

I thought the main difference was that the 2FA service details were saved in the cloud so you could sync up to multiple mobile devices using the Authy app?




Authy backs up the 2FA secrets to the cloud to enable "multi-device support". To restore the backup it's usually a matter of verifying your phone number via SMS. See how this turned bad?

I'd recommend disabling multi-device support, which is enabled by default, or adding a backup/restore passphrase to make it more difficult to add new devices without also cracking the passphrase.
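
An added example, not part of the thread and not Authy's code: a standard RFC 6238 TOTP generator and server-side check, showing that the code depends only on the shared secret and the clock, so any device that restores the secret from a backup authenticates exactly like the original. It assumes the tokens are standard TOTP as used by Google Authenticator; the function names are illustrative and the secrets are constructed (the first is the RFC 6238 test key).

```python
import base64
import hashlib
import hmac
import struct


def totp(secret_b32, unix_time, step=30, digits=6):
    """RFC 6238 TOTP (HMAC-SHA1) for a base32 secret at a given Unix time."""
    key = base64.b32decode(secret_b32, casefold=True)
    counter = int(unix_time) // step                 # the "clock sync" part
    mac = hmac.new(key, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F                          # dynamic truncation (RFC 4226)
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** digits).zfill(digits)


def verify(secret_b32, submitted, server_time, step=30, window=1):
    """Server check: accept codes from adjacent time steps to tolerate clock skew."""
    for drift in range(-window, window + 1):
        expected = totp(secret_b32, server_time + drift * step, step)
        if hmac.compare_digest(expected, submitted):  # constant-time comparison
            return True
    return False


# Constructed sample secrets (not real account data).
ENROLLED_SECRET = base64.b32encode(b"12345678901234567890").decode()
UNRELATED_SECRET = base64.b32encode(b"09876543210987654321").decode()


def demo(server_time=59):
    """Compare an original device, a restored copy and an unrelated device."""
    original = totp(ENROLLED_SECRET, server_time)
    # A second device that restored the backed-up secret; its clock is 20 s fast.
    restored = totp(ENROLLED_SECRET, server_time + 20)
    # A device that never obtained the secret cannot produce a valid code.
    stranger = totp(UNRELATED_SECRET, server_time)
    return {
        "original_ok": verify(ENROLLED_SECRET, original, server_time),
        "restored_ok": verify(ENROLLED_SECRET, restored, server_time),
        "stranger_ok": verify(ENROLLED_SECRET, stranger, server_time),
    }


if __name__ == "__main__":
    print(demo())
```

The server cannot tell the restored device from the original, so the restore step is the point where the secret needs protecting.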



