The Device Password Protection is sometimes not sufficient.
I’m still a fan of the <encrypt database + support PGP keys with passphrase> option