This article points out that if your iOS passcode is discovered, your passwords stored in the iOS KeyChain will be exposed. This is correct. The solution is to store your passwords somewhere else. Like SamuraiSafe.

If you use SamuraiSafe for autofill, knowing the iOS password won’t expose your passwords stored in SamuraiSafe. If you have enabled TouchID or FaceID, you need a valid biometric authentication in order to access SamuraiSafe. If you add a new TouchID or FaceID credential, SamuraiSafe will invalidate the stored SamuraiSafe password.