2 of 3 multisig w/ unchained has been a huge peace of mind for me. They’ve got a lot of material on it.

Essentially, you have 2 keys, and the third goes to unchained as a backup in case you lose one of yours. They can’t actually do anything with your funds, and it still takes intentionality on your part to handle the remaining 2.

It eliminates single points of failure and the need for passphrases. You can easily keep the setup completely airgapped, which I highly recommend.

As long as you keep your hardware wallets separate, you’re immune to the $5 wrench attack. Having a key be stolen results in nothing. Losing a key is way more likely, and also results in nothing. You just have to retrieve your backup from unchained (which takes about a day because their ID verification is stricter than just about everything), and then transfer the funds to a new wallet and set up a new multisig.