Disney Employee Targeted in Password Manager Hack

[FrodoSwaggins]

On-device encryption is almost identical to what Apple does. Essentially, there is a key that is created based on your access method (a PIN, passkey, or whatever) and it is stored only on your device. So long as you can supply the access method, combined with the key, it can decrypt the data on your phone. So, if you were to lose your access method (PIN, etc.) you would be unable to get your data back--and Google would not be able to help you, as they would not have the key, either.
This is the ultimate in security but it does come with risks since there's no cloud backup to rely on. You would need to ensure you put your own contingency plans in place such as taking your own backups (lots of apps exist to help you do this.)

So in this example, your cellphone would become your 2FA for decryption? Or what? I'm definitely got getting it. And in this example, does Google keep backups of your passwords or not? I thought the entire point was Google is keeping your passwords in a central vault so to speak. Is it just a COPY that's encrypted on your device or the ONLY COPY?