Security needs to be thought of on a global scale. Not global as in all over the Earth, but global in the sense of the overall approach to security. There is no "perfect" security scheme. Basically, if two people know something, it's not a secret. So you and your computer know your password, which means it's not secret. But if you do security in layers, you can get pretty close to airtight. It's called the "Swiss cheese" approach. You have several pieces of Swiss cheese. Each has one or more holes in it, but if you layer them up, you can accommodate for the hole in one with the solid area in another. Put enough slices of Swiss cheese together and you have no holes anymore.
So what does that mean to us as users? Well, we need to layer up security. I have a strong password on my Mac. Slice one. I don't encrypt the drive, but I could if I wanted another slice of cheese. But for now, I have a strong password. I keep my laptop in a relatively secure place, don't leave it around. When I used to be a road warrior, I had the Kensington lock and always locked down my laptop to a strong fixture. Slice two. Then I have a password keeper and generator with another strong password. Three slices. I use individual randomly generated passwords of 16-18 letters, numbers, symbols for each account. Four slices. Then for all accounts online that offer them I have 2FA activated. Five. I password protect my iPhone and use facial recognition on it (no children around that look much like me, so that's pretty safe). Up to six layers now. Sometimes I use a VPN, but not religiously. If you used a good VPN that could be layer 7, encrypt the drive and you have 8. Firmware password would be 9 but I'm not working for any spy agencies, so that is really overkill.
Now some of those layers are more vulnerable than others, and some are about to become immaterial. Quantum computing is going to make passwords of any length or complexity easy to crack. One can only hope that someone is working on quantum passwords to counter that. But even with a cracked password, the malefactor still needs my devices for the 2FA. If it gets bad enough, I'll pull out of the online economy and keep my stuff in a mattress.
If Apple comes out with facial recognition, or some other biometric, for security, I'll add that layer as well. You have to keep inspecting the slices of cheese in your stack for weaknesses and threats. But don't trust in any ONE slice. You need the stack.