Passwords are vulnerable on phones too
Realistically, if you are typing in a complex password every time you grab your phone because you don't trust fingerprints, faces and so forth to be secure since they aren't "passwords", it will be pretty easy for someone to snag it. I mean, how are you going to insure that no one is looking EVERY TIME you unlock your phone - including CCTV cameras that you might not be able to see, or someone simply holding their phone up behind you to video it where you can't see them?
In theory a complex password is more secure, but because you are inevitably going to enter your password in public, in practice I don't think it matters much.
Let say hypothetically Apple was able to improve Face ID to where it was impossible to fool, and it could even tell twins apart. That's great, right? The problem is you'd still need a password, and that password would still be vulnerable to someone seeing it entered, so this holy grail perfect Face ID wouldn't really improve the security of the phone much at all. At some point, if face/fingerprint/etc. biometric scanners become good enough, the password that the phone will always need to have (to provide a unique encryption key, something biometrics could never do even if perfect) will become the low hanging fruit.
Biting the hand that feeds IT
