The standard guidance when snaps request auto-connection to the password-manager-service is as follows:
When connecting the password-manager-service, your snap is able to access all stored secrets, but also your snap’s secrets can be accessed by any other applications with access to the service (including snaps which also have the password-manager-service connected). Since this may not be desirable or obvious to users, in general, we discourage auto-connection of password-manager-service and instead suggest that applications using this interface detect its availability (eg, with
snap is-connected password-manager-service) and show a dialog with instructions on how to connect the interface manually (eg, with
snap connect, the snap store GUI, etc). Ideally when instructing the user, the details of the access will be explained so the user can make an informed choice. While this is an extra step for the user, if done well the process should provide additional trust that your snap and the system as a whole are working together to keep the user’s passwords secure. Alternatively, the snap may choose to store the secrets outside the keyring in an area private to the snap. -1 to auto-connect.
As such, -1 to auto-connect from me since I really don’t think system-wide 2FA secrets should be automatically accessible to other apps / snaps without the user being able to make a conscious decision in this case.