![](https://infosec.pub/pictrs/image/9fae72a0-d362-43f1-9b08-7ec2d60f8566.png)
![](https://lemmy.ml/pictrs/image/d3d059e3-fa3d-45af-ac93-ac894beba378.png)
My phone has a passcode, so does my password manager and my MFA app - all different passwords. Those are the only ones I need to remember, so it’s not too bad.
Probably not ideal, but to break that someone needs to A) physically get my phone, B) unlock my phone, C) unlock my pw vault, and D) unlock my MFA app. I’m fairly confident in my setup.
I think you answered your own question.