[acchow]

Yes.

Unfortunately, their marketing is highly convincing. Most people (even most engineers) won't realize the tradeoff here: Authy replaces "two factor authorization" with "two password authorization". It should be clear which is more secure.

The "two factors" with GA are a knowledge factor (something you know - your password) and a possession factor (something you have - your phone number for SMS or phone for GA app).

See also https://en.wikipedia.org/wiki/Multi-factor_authentication

[rdl]

Ultimately all of the cellphone 2FA are at some level "two passwords". If the machine on which you enroll initially is pwned at that time, the attacker sees the seed. It's a little better with physical tokens (where you'd need to compromise the token itself, or do MITM at setup time and persistently after). I believe most of the good iOS TOTP apps use the "keybag" correctly so the seeds don't leave the device when backed up, but it's not perfect. An x509 cert would fundamentally not be any different, and PK-based MFA (which Duo, OneID, and I think some other companies do) isn't that different -- it just requires the verifying application talk to the app directly vs. something you can do as a human.

[acchow]

If you store the seed on your device.

For gmail, Google texts me an auth code; the seed (if there is one) is in their data center. They could switch to seedless down the road since they own both sides of the auth.

[rdl]

I've never trusted the SMS auth; too easy to play phone routing tricks, and most high security environments don't allow phones or have coverage (of course there's also the same problem for no-phones for a phone-based TOTP; the solution is a physical token).

[_djo_]

Although using Authy's backup service is optional and the app works just fine with local-only storage and no Authy account, which is how I have it set up.