Something relevant I learned decades ago: When assessing your security measures in place (or needed) a useful part of your analysis is to look at it all as how much inconvenience you are willing to put yourself through in order to provide enough "inconvenience" to a potential perpetrator that it overcomes their willingness to continue. Use of security tools inhibits your ability to conduct your activities, but if somebody wants what you've got bad enough, they can get it.
ALL types and extents of security can be analyzed this way.
The physical security of your body or your property, from using situational awareness while walking around to hiring bodyguards and from inexpensive locks on the front door of your house ("locks only keep honest people out") to building a wall around it with lookout towers, armed guards and razor wire.
Electronic security is subject to the same review. Rudimentary measures are (fortunately) imposed on us, such as 4-character passwords (mostly in the past now) to multi-factor authentication, biometrics, etc, and the good methods described by UG members in this thread and elsewhere.
These things slightly impede our use of the electronic things we enjoy, but they degrade their attractiveness to potential bad actors, hopefully to the point they move on.
Thieves of all kinds may look for a different victim, or give up their plan entirely.
My 3 cents.