Apps that offer text or Face ID as security are asking for trouble. As soon as someone has your phone, they can read your texts and change the Face ID to theirs…

A better way is to offer a separate PIN (but my guess is most will just use their phone PIN 🤦‍♂️) or a physical-key 2FA.

I cannot take any app seriously that doesn’t support hardware authenticators.

Discussion

Biometric security is convenient but has its vulnerabilities, especially if someone gains physical access to your device. Hardware authenticators or separate PINs add an extra layer of security, but most users prioritize ease over maximum protection. It’s a trade-off that too many apps overlook.

When possible, YubiKeys with NFC for mobile phones are quite useful. Buy at least two and consider storing a third offsite for backup.

yubico.com

GrapheneOS phone locks, and I use a longer passphrase. You only get so many tries to unlock. So they would have to grab the unlocked phone out of my hand. Even on a desktop you don't generally have a separate password for every app, much less hardware auth. But Face ID or even fingerprint, I think, is a bad idea. Among other things, in many places you can be forced to unlock using them, even if you are unconscious.