By default, Authy allows its two-factor authentication (2FA) mobile application to be set up on more than one device. In order to install your Authy account on a new device, you are required to verify ownership of your account via SMS. Once your Authy account is installed on a new device, it generates the same, valid 2FA codes. Therefore, it is important to prevent unauthorized installations of your Authy account on other devices.
An unauthorized installation of your Authy account is possible if an unauthorized person ("attacker") obtains access to your SMS messages (e.g., through phone number porting). To prevent this, disable the multi-device option as follows:
Settings > Devices > Allow Multi-Device > Turn OFF
Note: You can temporarily enable this setting when migrating to a new device (for example, upgrading your phone), but you must disable it again after the new device is configured if you want to protect your account from multi-device installations.