If you are using Microsoft Azure Functions in your Dynamics 365 and Power Platform projects (and you should be), then you should never use a simple username and password authentication to your Dynamics 365. The same applies if you have a web application, website, or any other external solution accessing your common data services (CDS).
You should instead consider using single-tenant server-to-server authentication. This is different from a multi-tenant situation where your web application where the application resides on a different tenant to where your CDS is.
For Single-tenant server to server (S2S) authentication, the process is a bit lengthy but pretty straight forward. Here is a link to the official documentation on how to do this:
You might also want to explore how you can connect your Azure functions using Azure key vault via this article: https://community.dynamics.com/crm/b/crminthefield/archive/2019/05/29/certificate-based-authentication-with-azure-functions-key-vault