My current PIN is 6 digits, so ~7500 can also unlock my phone on a random guess. Chances are the first five people to try will trigger the passcode though.
Haven't checked your math but that's random guesses on an insecure password and prevented by rate limiting, you can't just enter 7.5 billion passwords.
Face recognition (other than Face ID I mean) is fairly advanced. Let's say a government wanted to unlock my phone they could search for similiar faces and just pay the person. Sure a lot of trouble for unlocking a phone and it's theoretical but it's still a flawed system in my opinion.
There's no perfect solution to this problem. Secure password is too clumsy to enter on phone many times per hour. Passcodes are easy to catch via shoulder surfing.
Sure, I see that but different users - different habits.
I manage just fine with a 25+ character random alphanumerical password that I change at least every six months. I only use Touch ID when I'm home and am very aware when entering my password. In the end it's just a phone but I like to have it at somewhat secure.
