Go to https://www.authy.com/phones/reset and type in your phone. We'll send you and e-mail to confirm you want to reset it. After you confirm you'r account will be reset and you can register your new phone.
Go to https://www.authy.com/phones/change and type in your previous phone and the new phone. We'll send you and e-mail to confirm you want to reset it. After you confirm you'r phone number will change in the next 36 hours.
We go to great lengths to ensure security in our systems. Still you don't necessarily have to trust Authy. Since you are still verifying your username and password on your own systems, even if Authy was compromised, your accounts would still be safe. However is much more likely that one of your users password is compromise. In that case Authy will still protect the user, since the attacker would need both the password and the token, but only the owner of the cellphone can know the token.
As soon as the person buys a new phone, he can simply reset his phone at: https://www.authy.com/phones/reset. After everything keeps working as usual.
Extremely secure. The token is generated using a 1 way function (SHA-2) and a 256 Bits key. SHA-2 is published by the NSA an it's approved by FIPS 186-2 to secure top secret data. Even if the attacker had access to hundreds of Tokens, it would still be mathematically impossible for him to generate a new valid Token. If you are inclined to know more, Authy is based on RFC4426 (http://www.ietf.org/rfc/rfc4226.txt).