Authy is an awful choice. Do not use it. You are compromising both your security and your privacy if you do use it. See my previous post on this subject:
I was reading from here:
https://www.twilio.com/legal/privacy/authyIf we cannot easily confirm that you are the rightful account holder of the Authy account associated with your old number, we will ask you for your phone account information and a copy of physical identification such as a drivers’ license, national ID, or passport, which we then use to confirm your claim to the account. From time to time, if there are other situations where we need to verify that you are the rightful account holder of your Authy account, our support team may require you to provide identity information like a drivers’ license, national ID or passport.
Emphasis mine. More worrying that just for account recovery, they may also lock you out of your 2FA account (and therefore
all of your online accounts which use 2FA) and demand KYC "from time to time". How reassuring.
When you use an Authy token to log into an account, whether the token was generated on the app or one sent to you via your phone number, we collect and keep information associated with your login activity including information like your IP address, what application or program you logged in to, that you logged in, and when.
They track your activity across all your accounts, linking that to your email address, phone number, and IP addresses...
Over the last year, we have shared Identifiers and Internet or other electronic network activity information with third parties, as we describe in this section.
...and they share it with third parties.
I don't understand the benefit of this service. It is the equivalent of a web wallet for 2FA: You are letting someone else handle all your codes, have the power to lock you out of your accounts, and invade your privacy, all for something you can do yourself easily, freely, securely, and privately.
Google Authenticator is closed source, owned by Google (and so almost certainly spying on you), and has unnecessary difficult and complicated back up procedures. Avoid it as well.
The best 2FA app is Aegis. It does not matter if Gemini say you must use X or Coinbase say you must use Y. Neither know which app you are using, the actual process of generating your 2FA code is identical across all apps. Aegis will work just fine.
When you set up 2FA, you will be a shown a QR code to scan with the Aegis app. You will also be shown a 16 character back up code made up of numbers and letters. Write this code down on paper, along with the name of the site and account for this code since you don't get them mixed up when trying to recover them in the future.
. I never thought it could be easily extracted like that on Aegis. But definitely 'no' on Google authenticator.
