I was gonna ask about the phone biometrics part in a sepatate question, but its both about security, so might as well combine it in one post.
Okay so I don’t use password managers. I just try to make easy to remember passwords 3-4 random words + 3-4 random numbers. Online accounts can’t be brute forced anyways. For offline accounts, I just increase the words and numbers. For mobile I don’t use biometrics, although I’ve been testing whether or not I want a pin + no biometrics or alphanumeric password + biometrics. I just can’t decide.
Doesn’t Lastpass have a data breach every two months or so? I migrated last year after hearing of the second one I knew about
It hasn’t worried me too much but I’ll probably switch to Proton Pass soon anyway:
All sensitive customer vault data, other than URLs, file paths to installed LastPass Windows or macOS software, and certain use cases involving email addresses, were encrypted using our Zero knowledge model and can only be decrypted with a unique encryption key derived from each user’s master password. As a reminder, end user master passwords are never known to LastPass and are not stored or maintained by LastPass – therefore, they were not included in the exfiltrated data.