
If your tokens synchronize across multiple devices don't they stop being a legitimate "factor"?


I completely agree with this, but I would prefer if there was a mechanism to keep offline backups. Currently if I lose my phone I am frozen out of my accounts. 1-time codes do exist but they have issues - either they're very easily accessible in the form of a printed paper or they're very difficult to access like an encrypted backup in the cloud.

I don't have a good solution to this problem - I am mugged while traveling and I lose my phone and wallet. If anyone could share how they tackle this problem I'd be grateful.


What is 2FA? It's 'something you have'. It's not 'one single thing on one device only'. It's just 'something you have'.

'Something you have' relies on physical security, so if you have the same physical security for both your laptop and phone, there's no reduction by having a 2FA token on each device.


That's only true if there's a physical barrier to propagating your tokens to new devices.

The concern is that Authy changes the second factor from physical security back to something cloud-based and hackable.

I don't know if that's legit because I don't know how Authy works.


From reading the Authy docs, it sounds like all your Authy data is encrypted before leaving the device, so if the encryption works, it should be pretty secure. You can also turn off the multi-device support and backup, if you don't want those features. But to me, the risk of losing my single device and being locked out of my accounts is too high without it. I just wish Authy was open source so it could get more security review.




