Backups PasswordThe Backups password is, as the name implies, used for backups. When you enable backups on your Authy app, the backups password encrypts all your tokens and uploads them to our servers. This means that if our servers were to be compromised, no hacker would be able to steal your tokens unless he also knew your backups password. This password is never stored in our servers for your security so make sure you write it down somewhere safe, if you ever forget your password you will be unable to decrypt your tokens. You can always change your Backups Password by going to Settings > External Accounts > Change Backups Password.
PIN ProtectionThe PIN is a 4 digit password that locks your app so others will not be able to access your tokens if they were to gain access to your physical device. Although the PIN provides an additional layer of security, it will not protect you from a real hacker if he where to gain access to your device. Like the Backups Password, the PIN is never stored in our servers so make sure you don't forget or lose your PIN.
The Master PasswordThe Master Password provides an additional security layer for your tokens. It is only available in Authy for PC. Whenever your computer is idle, the Master password will be used to encrypt your tokens so if a hacker gained access to your computer (for example, when you go out for lunch and leave your PC at your office) they would need the Master Password to gain access to your tokens.
The Master Password is like the PIN, but for your computer.