Get off Authy.
On the one hand, I sympathize with Twilio, given that they experienced a data breach which involves a perceived need to tighten security. On the other hand, their efforts involved shenanigans like this.
I got super lucky with my ability to get my keys out: I had a phone that already had Authy and was already rooted, so I moved to Aegis, which is epic because it can import your accounts from Authy, IF it’s on a rooted phone. If you can mimic this by rooting your old phone and using a slightly-older version of Authy, it really is about the best route to go.
If you can’t, you may be stuck faffing around with Safetynet fixes to convince Authy to behave…but to whatever extent you can move your 2FA tokens to another application, definitely do it.
I used them for years, but the absence of an “I accept liability due to my phone being rooted, and I’m aware that it’s rooted so let me continue anyway”, or an “you can’t use Authy anymore because your device fails safetynet, but here’s your keys you can import into something else” button, meant that they functionally held my data hostage without warning or recourse. Never again.