Hacker News

Tangential: I’ve seen Authy recommended around (including in an Ars Technica article about 2FA), but never understood why linking a phone number (subject to SIM jacking or other kinds of loss) was preferred or even thought of as a decent idea. Using 2FA for security but choosing SMS OTP as the authentication for the 2FA provider seems…weird.

There are many other apps that provide syncing (the accounts and seeds) across devices without needing a phone number and SMS OTP authentication. There your threats are primarily your phone and what service is used for the sync.



I see Authy recommended by service providers because it provides a recovery mechanism that doesn't involve expensive customer support and headache.

That said, using it is a choice that compromises the underlying principle of 2FA, which is verifying something "you have" in addition to something "you know" (your login credentials). This is a choice that should more clearly be explained to users, in that expanding the pool of things "you have" and allowing that pool to be expanded using nothing but SMS auth significantly increases the possibility of nullifying 2FA security entirely.

I say this as the author of a password-store extension that stores and syncs TOTP and HOTP keys. I understand that users can choose to defeat 2FA entirely by storing keys alongside their passwords without a second factor needed to decrypt those keys. But users can also choose to keep the store decryption keys on a hardware token such as a YubiKey, which effectively replaces OTP 2FA with hardware token-based 2FA, with the possibility to restore from a backed-up PGP private key.

Obviously that option is complicated, which is why I admire the sync solutions implemented by Keybase and Signal like you describe.
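The comment above turns on one fact: a TOTP or HOTP "second factor" is nothing but a shared seed plus some fixed arithmetic, so whoever holds the seed (a synced backup, a password store unlocked with the same secret as the passwords, or whoever obtains that store) can produce every code. The following is an added illustration, not code from Authy, Keybase, Signal, or the commenter's password-store extension: it implements HOTP (RFC 4226) and TOTP (RFC 6238) from the seed, parses the `otpauth://` URI format that password managers typically keep the seed in, and verifies a code with a small clock-skew window. The seed in the constructed URI is the RFC 6238 test secret `12345678901234567890` in base32; the label and issuer are made up.

```python
"""HOTP/TOTP from a stored seed: why the seed IS the second factor.

Added example (not from any project discussed in the thread). Uses only the
standard library. The otpauth URI below is constructed for the demo; its
secret is the RFC 4226/6238 test vector key "12345678901234567890".
"""
import base64
import hashlib
import hmac
import struct
import time
from urllib.parse import parse_qs, urlparse

# Constructed sample, in the shape password managers store OTP seeds.
DEMO_URI = ("otpauth://totp/Example:alice?secret=GEZDGNBVGY3TQOJQGEZDGNBVGY3TQOJQ"
            "&issuer=Example&digits=8&period=30")


def hotp(secret: bytes, counter: int, digits: int = 6, algo=hashlib.sha1) -> str:
    """RFC 4226: HMAC(seed, counter) -> dynamic truncation -> zero-padded decimal."""
    msg = struct.pack(">Q", counter)                       # 8-byte big-endian counter
    digest = hmac.new(secret, msg, algo).digest()
    offset = digest[-1] & 0x0F                             # low nibble selects a 4-byte window
    binary = int.from_bytes(digest[offset:offset + 4], "big") & 0x7FFFFFFF
    return str(binary % (10 ** digits)).zfill(digits)


def totp(secret: bytes, for_time=None, step: int = 30, digits: int = 6,
         algo=hashlib.sha1) -> str:
    """RFC 6238: HOTP with the counter derived from Unix time / step."""
    if for_time is None:
        for_time = time.time()
    return hotp(secret, int(for_time) // step, digits, algo)


def verify_totp(secret: bytes, code: str, for_time=None, step: int = 30,
                digits: int = 6, window: int = 1) -> bool:
    """Accept the code for the current step and +/- `window` steps of skew.

    Uses a constant-time comparison so a verifier does not leak how many
    leading digits matched.
    """
    if for_time is None:
        for_time = time.time()
    base = int(for_time) // step
    return any(
        hmac.compare_digest(hotp(secret, base + delta, digits), code)
        for delta in range(-window, window + 1)
    )


def seed_from_otpauth(uri: str):
    """Parse otpauth://totp/<label>?secret=<base32>&digits=N&period=S.

    Returns (seed_bytes, digits, period). Any copy of this URI, e.g. in a
    cloud-synced password store, is a complete copy of the second factor.
    """
    u = urlparse(uri)
    if u.scheme != "otpauth" or u.netloc not in ("totp", "hotp"):
        raise ValueError("not an otpauth URI")
    q = parse_qs(u.query)
    b32 = q["secret"][0].strip().replace(" ", "").upper()
    b32 += "=" * (-len(b32) % 8)                           # restore stripped base32 padding
    seed = base64.b32decode(b32)
    digits = int(q.get("digits", ["6"])[0])
    period = int(q.get("period", ["30"])[0])
    return seed, digits, period


if __name__ == "__main__":
    seed, digits, period = seed_from_otpauth(DEMO_URI)
    # Two devices (or an attacker) holding the same seed compute the same code.
    print("current code from stored seed:", totp(seed, digits=digits, step=period))
```

Run it twice on two machines with the same URI and both print the same code, which is the whole point of the thread: syncing the seed is syncing the factor, so the strength of the second factor collapses to the strength of whatever protects the sync (an SMS-recoverable account, or a hardware-token-encrypted store).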



