It may be a fine system, and I am certainly not qualified to critique it. My concern is that if you can be identified with a device or public key, you must trust to some extent those who can make that identification. For those living in "free" societies, with some measure of due process, things are fine for now. But I have seen changes take place very rapidly where freedoms and "protections" evaporate with astonishing ease.

Authy knows nothing about what you have configured as 2FA tokens; it is all encrypted client side, like ZeroBin.
The phone number is for recovery when you need to migrate the encrypted database to a new device.
Authy supports TOTP (RFC 6238) tokens with the added convenience of recovering your keys if your phone or device is lost or damaged.