I disabled all security check on my Iphone. With no passwords, no Face ID, I'm saving so many seconds and if I forget my phone somewhere it can be easily returned to me.
My private data is not worse than average and I have nothing to hide.
You have a lot to hide, you just don't know it. Everyone who doesn't want to be a victim of identity theft has something to hide, so the common statement "If you've done nothing wrong, you have nothing to hide" is flatly untrue.
If you disagree, then send me all of your logins, passwords, and answers to security questions. If you refuse, then you now understand that there are things that you definitely need to hide.
I see this come up so often that I have to ask.
Which websites are you people "visiting"? Because you all seem quite paranoid that someone will know you've "been there".
[doublepost=1539531256][/doublepost]
How can they get into banking apps?
Sure they can go to town on many of the other things you've listed, but tell me how you think the thief can get into someone's banking apps without their password/finger ID etc input?
I'll start with your second question. First of all, you don't need access to the application to have access to the account. So the better question is how does the thief get access to your online banking (or any online account really).
Go to the website for whatever login are trying to take over (email, banking, Facebook, Amazon, whatever). Use the "forgot password" link. Verify with email address, which you can do because you have the owner's email.
Maybe there's two factor authentication, but that's no problem because the second factor is typically phone-related (a text message with a code, a telephone call stating the code, or an authentication application like Google Authenticator or Symantec VIP). Now you have 100% of the accounts which use email and/or the phone for authentication.
What's left are accounts that also use security questions. This is a little harder, but not impossible. Look on Facebook. Search through email. Pretend you are the phone's owner and ask via text messaging, for example "hey, I was reminiscing today and I forgot the name of my elementary school, do you remember?"
Now, back to the first question. Aside from the obvious naughty stuff that's private and nobody else's business, your browser history will include all of the websites you visit that have accounts that the thief can take over. In many cases there may even be cookies which enable him to "still be logged in" as if it were you. If it weren't for the browser history, the thief might not know to go there.