I was gonna ask about the phone biometrics part in a sepatate question, but its both about security, so might as well combine it in one post.
Okay so I don’t use password managers. I just try to make easy to remember passwords 3-4 random words + 3-4 random numbers. Online accounts can’t be brute forced anyways. For offline accounts, I just increase the words and numbers. For mobile I don’t use biometrics, although I’ve been testing whether or not I want a pin + no biometrics or alphanumeric password + biometrics. I just can’t decide.
Self-hosted bitwarden instance with 2FA enforced through hardware key. pretty nice and relies on having the password and the hardware key.