even SMS 2FA if I am not mistaken (I receive SMS from them from time to time)
SMS is a very insecure method of 2FA, and if you have an app which is using it, I would suggest either disabling it (if you can) or changing app altogether. It is relatively easy (certainly easier than most other forms of phishing or hacking) for an attack to learn enough about you through social media or similar to phone your mobile company and convince them they are you, and to move your number to a new SIM. Once they do so, they can use that to reset passwords or in this case use 2FA for whatever you have linked.
It's too bad, but i could move it as soon as backup process is done.
See my
reply here. As long as you encrypt the app with a password before you back up, it seems the backup will be similarly encrypted with the same password.
Authy, by default, does not actually enable the 2FA. When you lose your device that has Authy installed, you can use SMS to recover it and/or as a temporary 2FA method. Otherwise, you just use the app.