You can always use something like SSHwifty It retains your logins through your browser’s session data and never on your server, but it will allow you to remote into your local system from anywhere on the WWW if you desire to do so. With Tailscale, once you are connected into your Tailnet, you can pretty much SSH into any of your devices as long as the subnet sharing flag is turned on I believe. I’ve never had any issues with mine not allowing any SSH connections.
What about bad actors which swipe the phone, and it’s behind the biometric lock? Too many failed attempts may or may not be a sign of it not working well, so if it bases part of it on the failed attempts, it would lower the chances of being further protected. I know they would ask for the pattern/pin or password to re-enroll the biometric, but let’s assume that’s already known, then game over.