You need to make sure none accesses your phone even when stolen (for a myriad of other reasons as well) so passwort protect it.
This has nothing to do with WG-easy or any wireguard implementation itself-it's simply part of Wireguard.
What you could do to at least discourage an attack is to save parts of the secrets (Preshared key, public key of your network) in a password manager like bitwarden and copy and paste it into the client every time you connect - and remove it from there after you're done.
But be aware that this will only discourage a technically inept attacker - the WG client and the OS,etc. will keep enough of data of these transactions around to easily find out this information and for a good attacker you actually make it easier this way.
So I would clearly not recommend it. Password protect your phone.
WAG and other solutions put another layer between your network and WG. Basically they add a captive portal and only "unlock" it once you authorised yourself there. It is not a pretty solution and you need to be aware that it easily locks you out of your own network.
Another solution could be that you build two WG connections - one that is limited to your firewall and can exclusively connect to that device.
And one that has broader access. Use the first one to enable access, the later one for actual access. Then the first one to disable access again.
The WG easy container should always be run behind an authentication layer,even in LAN as it enables an attacker (who might be already in the LAN) establish full outside connections.
This can easily be achieved with a reverse proxy like Caddy/nginx proxy manager. The container then needs to be behind the proxy in it's own network with only the WG port exposed. Requires a bit of work but is easily doable...And Portainer is your friend in that regard.