The problem is so many services requiring SMS to be that second factor. From what I’ve heard it’s easy enough to steal a sim that if you’re being explicitly targeted it’s basically the same as no second factor. Yet even if using an authenticator app most services require you to still have SMS/phone as another option for the 2FA.
For Authy specifically they’d need to guess your master password and then hijack your phone number, and for users of Authy I suspect their passwords are not easily guessed as it’s already a step above the standard SMS only 2FA most services require.
The problem is so many services requiring SMS to be that second factor. From what I’ve heard it’s easy enough to steal a sim that if you’re being explicitly targeted it’s basically the same as no second factor. Yet even if using an authenticator app most services require you to still have SMS/phone as another option for the 2FA.
For Authy specifically they’d need to guess your master password and then hijack your phone number, and for users of Authy I suspect their passwords are not easily guessed as it’s already a step above the standard SMS only 2FA most services require.