I was gonna ask about the phone biometrics part in a separate question, but it's both about security, so might as well combine it in one post.
Okay so I don’t use password managers. I just try to make easy-to-remember passwords: 3-4 random words + 3-4 random numbers. Online accounts can’t be brute forced anyways. For offline accounts, I just increase the words and numbers. For mobile I don’t use biometrics, although I’ve been testing whether or not I want a PIN + no biometrics or alphanumeric password + biometrics. I just can’t decide.
The idea is to use a different password in every different place so if some password gets leaked, they will only be able to harm you there.
Imagine, if you use the same password for everything, then site A leaks your password and now the bad people could look you up in many other sites and see if they can do some harm there.
Also, not having to remember passwords allows for very obscure passwords that are very hard to brute-force.
Thank you! I asked the other commenter this question as well, but would it be possible for the password to the manager to be breached?
Of course, but the chances are a lot smaller with unique passwords due to what I explained, and also there’s the fact that a password manager probably handles security way better than your local burger place website.