For Android, iOS and Chromebooks, such local attacks are ineffective because the secret key usually sits behind biometrics for the phone’s unlock. Additionally, phones are one of the most secure devices you can have because users find out almost immediately whether they lost them and they have remote wipe capability. The only case where a secret cannot be adequately protected is on Windows, Linux, and potentially Macs, which are inherently insecure.
There are a few issues with that statement:
- What about the rest?
- Can you make it more specific? How many bits of entropy constitute a “strong password”?
- I don’t see how that can help against someone looking at what you type.