You are conflating privacy & centralization with security. Privacy & centralization ARE issues….however they are not SECURITY ISSUE. In terms of ease-of-use, keeping things up-to-date, and being secure-by-default, Google does an exceptional job, especially for the average user.
Specifically regarding Google Auth vs Authy though.
- Google Authenticator is NOT part of Google’s normal suite of tools. It does not connect to the internet, is not linked to your Google account, etc. In terms of this, privacy isn’t really a concern (and is actually more private than Authy.)
- The problem with Authy is that you can restore all your backup codes via a single piece of information: your phone number. Considering that your phone number is easily hackable, this is insanely insecure. You are relying 100% on both the security of Authy’s servers AND a $2/hour customer service representative to not give up ALL your 2FA codes.
I strongly suggest you look into actual attack vectors and what/how people are attacked before throwing away your personal security in the name of personal privacy / avoiding the top dog for the sake of avoiding the top dog. I’m not saying you should ignore the problems that a centralized party like Google introduces, but don’t get it mixed up with how secure something is.