MySudo user authentication is via encryption keys rather than username/password. Your private encryption keys are stored in your mobile device’s specific-purpose key storage. Sudo Platform does not have access to these private encryption keys. Access to those encryption keys is further controlled as they are prevented from being included in device backups without encryption.
Ultimately, protection of these private keys is only as good as how you control access to your mobile device and your mobile device App Store account (e.g. Apple ID).
MySudo on iOS allows you to configure Touch ID/Face ID, which requires your biometric authentication to open the application. This provides an additional layer of security if multiple people have physical access to your unlocked device.
Two-factor or biometric authentication could also be used to protect access to the mobile device as a whole, offering a further layer of logical access protection for your mobile device.