Separate 2FA into its own application.
Currently, ProtonPass stores the 2FA secrets in the same place it stores login information.
Functionally, this means that there is no second factor. All necessary account access information is stored in one place, and is a single point of failure. If ProtonPass is ever compromised, the attacker would get full and total access.
To fix this, 2FA should be split into its own separate application with its own separate password.
6 votes
