hi,
as you know a routine android phone can have personal profile and work profile, which behaves like 2 quite isolated android phones. if you are on samsung,
it provide you with a THIRD knox phone.
my plan now is protecting my accounts with username+password + 2FA(authenicator totp, OR keys OR recovery codes at home).
BW will handle my UN+pwd. i got 2+ fido2 keys. recovery codes are saved separately (indeep better print out )
for authenicator, i install in knox and also the work profile which i freezed the app.
and i only install BW app in the work profile and personal profile.
so, NONE of the 3 profiles have BW+totp together.
which make me feel safer than puting BW /w totp in the same profile.
ps i use aegis authenicator as it support fingerprint and could export /w encryption. BW authenicator is too fresh for me.
ps2 freezing the aegis in the work profile do have some risk, but sometimes i’ll unfreeze it temporarly and import the most updated export from the knox, thus to make a working 2nd local copy which i’ll then freeze again.