If your security needs actually require hardening against an attacker gaining physical control of your device, the very least you should do is turn on full disk encryption, which protects against virtually all of those cases.
But I think for the vast majority of people, this is a fantasy scenario. The far likelier attacks will be scams and phishing from from email, texts, and social media. And even likelier than those risks are the everyday non-attack-based risks like forgetting your passwords, getting sucked into conspiracy theories on social media, or having your device rendered unusable by a bad update.