I’m migrating the handful of accounts that I have 2FA set up in from using Authy to using Proton Pass. But I’m stuck on my Proton account itself. Should I keep Authy just for my Proton account and then once I’m in, I can use Pass for the rest of the 2FAs?
What do you do?
Yes and no. You’re correct that if someone compromises your proton account, the 2fa does nothing. But in the other hand, if someone were to acquire your credentials some other way, they may still only have the username and password, and maybe the time-dependent 2fa code. So I would argue it’s better than no 2fa but somewhat inferior to using a separately authenticated 2fa app/device.