@michal and @Mattches Just wanted to make sure to tag the both of you here. I just confirmed this on my iPhone. For some reason when you go to Settings → Logins & Passwords and then choose any of the saved logins, when you click on password you get option for Copy and Reveal. If you go to `Reveal it will open Face Recognition or whichever security you have.
However, if you choose Copy instead, it works as OP mentioned. It will copy directly to your clipboard the password without Facial Recognition or any security prompt. So anyone with access would be able to copy and then paste somewhere to see what the password was.
On Android, this isn’t the case. If you try to Copy it would make you Verify your identity using your lock screen code or whatever.
Not sure how big of a deal it is in the long run, but it definitely seems to be an oversight.
Fortunately in Windows (10) it asks for the login/admin password even for the “copy” command. But yes, it’s something that must be corrected on Brave for iOS.
Wanted to give an fyi. I spoke directly with Mattches on this and he said was notifying team about it. So while no further commenting here, it was acknowledged and is supposedly being looked into