Avira is using following measures to make the Password Manager as secure as possible.
Two factor authentication means that an attacker would not only need to know your password, but also to have access to your phone. Only if both of these factors are present, would the attacker be able to access your data. If one of them is missing, your data cannot be accessed by anyone. Therefore, the two-factor authentication adds an extra layer of security to the authentication processss.
Secure master password
All passwords and data are encrypted on the client’s side before they are sent to Avira‘s servers. The only way to decrypt them is for the user to give away their master password. The master password is not known to Avira and never leaves the client. This ensures that only the user has access to their data, which also means that Avira has no means of restoring or resetting the password should it be forgotten.