Avira uses the following measures to make the Password Manager as secure as possible.
Two-factor authentication means that an attacker would not only need to know your password but also have access to your phone. This means an attacker would only be able to access your data if they have both forms of authentication. If they're missing one, your data cannot be accessed by anyone. Therefore, two-factor authentication adds an extra layer of security to the authentication process.
All passwords and data are encrypted on the user's side before they are sent to Avira‘s servers. The only way to decrypt them is for the user to give away their master password. The master password is not known to Avira and never leaves the user's side. This ensures that only the user has access to their data, which also means that Avira has no means of restoring or resetting the password should it get forgotten.