Most people would compartmentalize with user profiles in these situations:
- Having a separate profile with Sandboxed Google Play Services to run apps requiring it or to separate two apps known to do IPC with one another.
- Managing separate online identities or multiple accounts in the same app that only allow one at a time.
- Having a profile for handling sensitive data or work (like a profile just to manage a Cryptocurrency wallet or a profile just for Tor-only)
- Additional antiforensics measures and resistance against attackers with proximity of an AFU device by being able to purge encryption keys of other users on device by ending their session.
You'll find making separate profiles for apps for no reason to not be necessary due to the nature of sandboxing, but if you'd need the app to go through a different VPN than your current then this is one example of a way a profile is beneficial. If you make your setup unnecessarily complicated you'll find that you might not enjoy using the OS as much as you could be. Have a threat model in mind and consider how necessary your options are.
A lot of people will just do normal apps and google apps as profiles, but this can vary. I have those but also a profile just for Tor. I also keep the Owner profile completely empty (except for VPN) and do everything in another. This comes with a UX cost for some people if you have auto-reboot or need to change options only the Primary let's you do. That being said, some just don't use them...
As for the 2FA, some apps don't let you import/export them. If this is the case, turn off the 2FA on those accounts and add them again on a new app. Aegis is a great 2FA app that also lets you export them.
