contour0806 I've been doing this for a while and it works well. I just wanted to see if the approach is actually valid.
My thinking: If the assumption that an adversary gets physical access when the device is powered off is not valid, the "auto reboot" setting being enabled can help to mitigate this, by giving a limited amount of time to brute force the weaker secondary user profile. Am I correct in assuming that once a secondary user profile session is started, if the adversary got physical access while the device was on a lock screen they would still come up against the weaver token rate-limiting for accessing that secondary user profile?
A bit off topic, but putting all user data in secondary user profiles also seems to make sense in that, as far as I understand, the Owner profile stores sensitive OS information that secondary user profiles do not.