I use Authy for the security of my account. I don't know if GA can be duplicated to other phones, but Authy can. You only need to remember the password with your email. I don't know this is a plus or a minus.
I'm afraid it's a minus, and a big one at that, which is why most people no longer recommend it. Authy is no longer open source, and they now back up all your shared secrets, 2FA codes, and other info to their own servers. If someone hacks your email, they can potentially restore your 2FA codes to another device. This means they can use your email to reset your exchange/account password and receive your 2FA code, which negates the entire point of 2FA since both factors can now be accessed by compromising one thing (your email account).
If you lose access to your account, then Authy demand full KYC from you, including copies of photographic ID to restore your access. They also track which codes you access, when you access them, the IP you access them from, and link all that back to to your email address and other personal information they store about you.
There is no reason to use Authy when you can use an open source alternative such as Aegis, perform your own encrypted back up, and maintain your privacy.
See another post I made regarding Authy here:
I was reading from here:
https://www.twilio.com/legal/privacy/authyIf we cannot easily confirm that you are the rightful account holder of the Authy account associated with your old number, we will ask you for your phone account information and a copy of physical identification such as a drivers’ license, national ID, or passport, which we then use to confirm your claim to the account. From time to time, if there are other situations where we need to verify that you are the rightful account holder of your Authy account, our support team may require you to provide identity information like a drivers’ license, national ID or passport.
Emphasis mine. More worrying that just for account recovery, they may also lock you out of your 2FA account (and therefore
all of your online accounts which use 2FA) and demand KYC "from time to time". How reassuring.
When you use an Authy token to log into an account, whether the token was generated on the app or one sent to you via your phone number, we collect and keep information associated with your login activity including information like your IP address, what application or program you logged in to, that you logged in, and when.
They track your activity across all your accounts, linking that to your email address, phone number, and IP addresses...
Over the last year, we have shared Identifiers and Internet or other electronic network activity information with third parties, as we describe in this section.
...and they share it with third parties.
I don't understand the benefit of this service. It is the equivalent of a web wallet for 2FA: You are letting someone else handle all your codes, have the power to lock you out of your accounts, and invade your privacy, all for something you can do yourself easily, freely, securely, and privately.