To use either Authy or Authenticator for TOTP is less secure, I will argue, than to use Password Store and/or Aegis.
Password Store uses gpg-encrypted plain text files to manage passwords and syncs with any git provider.
Password Store (Manage your passwords) - https://f-droid.org/packages/dev.msfjarvis.aps
Aegis Authenticator is open source (licensed under GPL v3) and the source code can be found here: http://github.com/beemdevelopment/Aegis
The issue with Authy is that it depends on a phone number which can be changed through an email request, allowing anyone access to HOTP/TOTP after an approximate 4-day wait period.