Imo a really long passphrase has to be tested at least once a week, and of course on a secure offline device.
Not just really long passphrases, to be honest... I noted with interest that a Google Authenticator app I have been using (Aegis) will actually prompt you, after a certain number of times, to use your master password rather than the fingerprint to sign in: "It's been a while since you logged in with your password, do you still remember it?" I thought that was a great feature.
But yes, with regard to all this, it really comes down to your own personal level of risk aversion/acceptance. If you're happy with the system you've got, understand any risks involved and take appropriate steps to mitigate those risks, then you should be OK.
It's the folks who don't understand what they're getting into and don't take adequate steps to mitigate the risks that get in trouble.