Right, at least they are honest about it and - in a way- comply with GDPR by avoiding it.

You’ll need an exception handler for all those dropping panties.

From a security perspective, unlocking your third-party password manager AND your 2FA authenticator on the same phone with FaceID is not the best solution. An attacker who manages to compromise FaceID will have access to your credentials as well as your 2FA codes.

That’s why I recommend a separate 2FA app with a custom 6-digit pin lock.

I am wondering too. The comments are too nice.

For the moment, short term, this is a good initiative. But I don’t think it’s a sustainable approach for app developers. Any man in the middle is a potential source of failure.