[mikeash]

Shouldn’t matter. The key thing is to have a strong password, and disable any biometric authentication beforehand. (You can do this by squeezing the side buttons for a few seconds until the “power off” screen appears. The phone will then require a password before reenabling biometric authentication.)

[floatingatoll]

Will that also terminate the in-memory ephemeral key that’s set up at first login to permit background app refreshes?

[mikeash]

Good question, I forgot about that. I'd have to read through the security guide again. I wouldn't personally worry about that, as I think the system is sufficiently robust against external attacks, but obviously other people's priorities and levels of paranoia may differ.