That’s been covered a few times already, the last 2 are here and here.
You really shouldn’t rely on an app password but use a good PIN (and maybe don’t leave your phone unattended), together with encryption that should be fine.