[lotsofpulp]

I assume RGS1811 was worried about someone using your finger for TouchID or face for FaceID, involuntarily. I also worry about that, especially if you get knocked out or black out or something, but I think the solution is to not have important login info in the keychain at all, such as access to money (bank apps), email, or other uses that can be used to verify your identity or steal from you.

[falcolas]

If that is a legitimate concern, then don't use Touch ID or Face ID. By using those a person is intentionally choosing convenience over security. By even saving passwords in an account-shared fashion (be it Keychain, LastPass, or 1Password), you're giving up some security for convenience.

The latest iOS versions have also included a "five clicks on the power button" emergency option, which disables both TouchID and FaceID. It's not perfect, but if you're going into a questionable situation, it's a good way to avoid being coerced into using those to unlock your phone.

[RGS1811]

What made me concerned was the discovery that, on an old iPad mini I rarely use (without touch id / face id), entering the standard four digit unlock code is enough to get access to the full list of logins/passwords stored by iCloud Keychain. I would like to have to at least re-enter my apple ID to get at this full list.