gk7ncklxlts99w1 I think you have a fundamental misunderstanding of password security...coming from a systems administrator for multiple highly targeted websites.
If your security model calls for it, of course, consider it, but if you are only using a profile for encapsulation you don't need to worry about this. This is why private space lets you copy over pin/fingerprint credentials.
Cybersec isn't about following "rules", that's not how this works... it's about considering what you need and implications of decisions.
Do you need 3 different passwords? Are you only using profiles to encapsulate Google services? Can you do what you need in private spaces? Is there a profile explicitly for sensitive data?
The reason password reusage is an issue with online services is because anyone, at any time, can attempt authentication. This is why SSH auth via password is looked down on, and as you mentioned, password reusage on online services is discouraged.
However, this isn't the same as a pin for profiles on the same device. There isn't going to be an article that gives you a simple answer.
As I said, it doesn't work like that.
Also (outside of a select few programs like ClamAV) anti-virus is a scam... Save yourself $100 and avoid executing applications you don't trust (keeping your device updated is good advice however).
This comes off as a little harsh and please understand this frustration is mostly directed at 'tech/privacy influencers' and similar outlets that sell 'rules' to follow rather than teaching critical thinking and basic computer usage. It creates situations where, at best, it makes for a worse user experience, and at worst, actively makes people ignore huge problematic privacy/security behaviors.