I’m just thinking of total riskI think you are confusing a targeted multi vector attack against typically well managed and secured resources with someone losing their phone.
There’s evidence that the thefts a while ago were an organised gang, at least in the sense a lot of cars were taken in one area.
I get the “lost phone” scenario in the same way people lost car keys, but they then need to find the car the phone matches.
As I said in my first post on the topic, I can see why some would use P2D, and I do in a few specific situations, I guess I’m just questioning if some think they’re protected because of it while doing other things like widespread sharing of tokens for various reasons which might undo some of the protection, and they don’t realise the potential consequences.