My first reaction was... Don't combine to one app. Keep them separate so that people have choice. Also, less potential for coding errors. But make the integration between services better. Have robust APIs. Enable push 2FA for all websites. Your browser extension should be able to detect the website I am on and offer the correct 2FA TOTP when I'm asked for it. Having to copy/paste seems archaic in these days! Good luck improving!

But now I am torn between the options. I would love to have TOTP suggested when asked by a website or app (desktop and mobile). And if combining into a single app is the only way to do this then great. Yes, there will be an issue around 2FA for LastPass itself if you combine the app.

I'm not very convinced about putting all the eggs in one basket.

How are you planning to provide the 2FA codes for Lastpass itself?

I am an Authy user and have never used LP authenticator. I know other password managers have the 2FA tokens and the password manager baked into the same app, but it doesn't necessarily mean it is the correct way to do things.

Personally, I like them to be separate, because I really don't want to put all my eggs into one basket.  What I like to see is that the authenticator encrypts the secrets and syncs across devices. 

Don't combine the apps. But do make it easier for LastPass to fill in TOTP in the browser.

@AshC Why does it have to be one combined app for it to "receive push notifications in the same way as the LastPass Authenticator Application works today"?

Why not just extend the "LastPass Authenticator Application"?

My initial response was... Combine your apps into no one. Separate them to give people an option. less chance for code mistakes, too. Nevertheless, improve service integration. dependable APIs. Make push 2FA available on all website. When I'm asked for a 2FA TOTP, your browser extension ought to be able to recognise the website I'm visiting and provide the appropriate one. Copying and pasting feels antiquated today! Good luck making progress!

However, I'm now torn between the choices. I wish a website or app could propose TOTP when I ask for it (desktop and krnl). And if integrating them into one app is the only way to achieve this, fantastic. Yes, there will be a problem with LastPass's 2FA.

Putting all of my eggs in one basket is not something I strongly support.

How do you intend to give Lastpass users the 2FA codes?

Though I use Authy, I've never used LP Authenticator. I am aware that several password managers integrate their 2FA tokens and password managers into the same pgsharp, however this does not necessarily mean that this is the best practise tinytask.

Being a non-business user, I believe it will be easier and more practical. ffh4x