I was gonna ask about the phone biometrics part in a sepatate question, but its both about security, so might as well combine it in one post.
Okay so I don’t use password managers. I just try to make easy to remember passwords 3-4 random words + 3-4 random numbers. Online accounts can’t be brute forced anyways. For offline accounts, I just increase the words and numbers. For mobile I don’t use biometrics, although I’ve been testing whether or not I want a pin + no biometrics or alphanumeric password + biometrics. I just can’t decide.
Open sourced password manager + open source 2fa wherever available. For password managers many will suggest Bitwarden & i recommend that to my family for its ease of use, though I personally use Keepass (because it allows me to store multiple documents & have them readily available offline. Its not as straightforward to set up sync compared to Bitwarden, which does it by default).
I would never allow a browser to store any information such as passwords, credit card info etc
On mobile I use password in conjunction with biometrics. Sensitive apps are only ever stored inside secure folder which has no biometric access & has a different password to main area of phone.
I absolutely refuse to use google/apple/samsung pay.
Please consider password manager, once you wrap your head around not knowing any of your passwords except the strong master password it becomes second nature. Get out of the pen & paper habit!
Top tip. For any new signup, once you’ve generated a strong password make a note within the password manager of the email address you used to sign up with (yep, get used to using multiple email accounts). When that site inevitability suffers a data breach it makes life easier when they send the change of password verification email