d: biometrics are inherently flawed and invasive. Sure they provide a (false) sense of security, but actual security is very limited and only to a point of being in an honest and just world (which we don't live in: government is just as much a threat as a regular criminal, not that there is much difference between the two anymore), but easier to coerce/extract "out of" someone.

Such tech is bipassable, several very simple hacks are easily found with a simple search.

With facial recognition, someone merely has to get your face in view of the camera in some fashion... even a good make-up artist (ie make a mask) can fool the system. Facial recognition even fails by use of high quality pictures and deep fakes, there are multiple articles and research studies done on this. I have even had the system fail to recognize me just because I grew facial hair, and fail again after retraining and shaving.

With fingerprint, someone merely has to knock you out, tie you up, cut off the finger, lift the fingerprint from something, etc.

In court? Very easy to force you to unlock the device under either method of faux "security".

Now, if you want to use such horribly flawed and invasive (do you really trust entities like Google, Apple, etc to keep biometric data secure? Biometric data has been hacked and stolen in past and you never know what their OSes/devices are sending in the background or who they are giving it to) tech, by all means, do so at your own risk. But be aware of the downsides and the reality of their (in)effectiveness.

Much better to stick with knowledge (pin/password) + device based (ie yubikey) + OTP security. Neither being useful without the other. Both destroyable/forgotten.

A "sense of security" is not the same as actual/real security. You can "feel" safe all you want, doesn't mean you actually are.

Nicholas: Correct. Forced SMS auth = switching from Koinly. 0 need to store your phone # here.

Optional 2fa that i can use on any app, fine.