I once had auto reset enabled on my phone after 10 attempts, and then somehow while it was in my gym bag it proceeded to accidentally get buttons pressed and reset itself. Better to set that number to 1000 instead of 10.
How's that even possible? AFAIK after the first few attempts there's an exponentially increasing lockout time between passcode attempts, so the random button pressings would have to persist for a long time for it to reach 10 attempts.
Nowadays the time between guesses increases exponentially. So by the time you are close to a reset, you need to wait a few hours or days before the next and final guess.
I set mine to four attempts, figuring that if I screw my passcode up four times it takes me like an hour to restore the device state from backup/MDM but if someone thought they had guesses at my passcode they'd lose that much quicker. Everything I can't "live without" that I use my phone for day to day is in GSuite/Spotify/iCloud/1Password anyway.
(I now really pay attention when typing my passcode, which doesn't happen often because of Touch ID)
Those, too, can be backed up, though for a while, at least on Android, Google Authenticator could not be (unless rooted, and even then, a nontrivial undertaking). This, AFAIK, has changed.