Unless you’re using a random 10+ alphanumeric passcode and are fine entering it every time you log into your phone, with a short auto-lock period, you’re much better off enabling biometrics (assuming it’s implemented competently) in combination with a longer passcode and understanding how to disable it when appropriate.
I recently replied with this comment to a Gizmodo article recommending the same thing you did for similar reasons, if you’d like to better understand my rationale: ttrpg.network/comment/6620188
adespoton@lemmy.ca 5 months ago
I’ve got a pair of YubiKeys that I use to back my passkeys. Works great; I’ve got passkeys that work within the Apple, Microsoft and Google ecosystems and don’t have to worry about password prompts for the most part — but I DO need a YubiKey handy to validate that it’s actually me at the device.
My keys use both NFC and USB-C and work across all my passkey-supported devices when I add in a USB adapter.
Everythingispenguins@lemmy.world 5 months ago
Sounds much safer than biometrics.
adespoton@lemmy.ca 5 months ago
Definitely. Costs extra, has an extra step to set up, and has an extra step to use, but is so much more secure.
That said, biometrics are better than “1234”. I have no issues with people who have bad password hygiene moving to biometrics, which at least add an extra barrier for account compromise.
But for the rest of us, physical security tokens are definitely the way to go.