As long as they don't hold onto your passwords too, then it's not too bad right? A compromise for the sake of convenience, to be sure, but even in the worst case – if all Authy tokens are compromised – people still shouldn't have access to your accounts.
For me at least (personal use, not company use) that's a worthwhile compromise: I doubt any attacker could get my main password in the time it'd take for me to change it in the unlikely event that Authy be compromised.
For me at least (personal use, not company use) that's a worthwhile compromise: I doubt any attacker could get my main password in the time it'd take for me to change it in the unlikely event that Authy be compromised.