For those using hardware wallet, what will really happen in real life is as below...
Hacker: Hey, gimme your seeds.
Victim: Okay, here you go. The passphrase. You can have everything in it. Please let me go now.
Hacker: Har har harrr.... Nice try, pal. I am not asking for the passphrase. I am asking for the seeds! And we have our computer standing by to validate the seeds on the spot.
Victim: Ops. Oh nooo....
Seed
s? Why would you have multiple seeds? You still don't seem to understand how
a single BIP39 seed and use of passphrases work for being able to hide your coins in totally invisibile, undetectable, hidden wallets...
It goes more like this:
Hacker: Hey, gimme your seed. And we have our computer standing by to validate the seed on the spot.
Victim: Okay, here you go. Have my seed... all 24 words of it...
Hacker: <Enters seed and discovers default wallet with only 5 BTC in it> Is that everything?
Victim: Yep... that's all my coins!
Hacker: <Unable to prove existence of any other wallets> Well, thanks for the coins... wooo $20K, I'm rich! you're free to go
Victim: Phew... good thing they didn't know about the hidden wallets/addresses containing my other 20 BTC generated from that seed + my personal private passphrase(s) that only I know about... BECAUSE THERE IS NO EVIDENCE ANYWHERE THAT THIS HIDDEN WALLET EXISTS... I'd best go regenerate my hidden wallet and move my coins to a new seed (+passphrase) using one of the freely available desktop wallets or buy another hardware wallet and restore it or use something like the opensource BIP39 mnemonic code converter websites to get the keys and sweep them.
compared with say:
Hacker: Hey, we hacked your email/cloud storage... we found these 5 encrypted files... give us the password(s) to decrypt the files. And we have our computer standing by to validate the passwords on the spot.
Victim: Okay, here you go. Have my password(s)... Please let me go now.
Hacker: <Enters passwords and decrypts all 5 files, each one containing a private key with 5 BTC on it>Thanks for the 25 BTC... wooo $100K, we're superrich!... you're free to go
Victim: Damn... that was ALL my coins, now I'm broke
Do you see my concern with storing encrypted keys now? It leaves traces/evidence behind. It has to, as these encrypted files need to exist somewhere for me to be able to decrypt them to get my keys out. Sure, you could try and hide all your keys around multiple email accounts... or stored on different encrypted devices in different locations... but there is still tangible/physical evidence that these devices/files exist and that means they could be discovered. It also completely negates the "convenience" of your method, having stuff spread everywhere.
With a seed (+ passphrase)... I can store it encrypted, and if my email/cloud backup is hacked, and they find my encrypted seed, I can hand over the password to decrypt the seed... The seed on it's own will generate a valid wallet and valid addresses that I can put some coins in as a decoy (or even for use as a relatively secure hot wallet). However, my main stash of coins can be hidden using the SAME seed in combination with a passphrase. This will generate a completely different wallet with completely different addresses.
Now the hackers might be smart and be like... "Ok, buster we know all about passphrases... hand it over!"... but you can say "I don't bother using one it's too hard to remember these things!"... and they simply cannot prove that you have a passphrase. There is NO evidence anywhere of this hidden wallet existing... but it can be generated at anytime by using the seed+passphrase... Can you recreate an encrypted file containing your private key(s) from 24 words written on a piece of paper and a passphrase?
No one is denying that securing the seed is the weak link in the hardware wallet chain. However, you can encrypt the seed and put it in various places like emails/cloud storage... and even if these are compromised by a hacker, you can still be protected by having your hidden wallet as outlined above, whereas a simple encrypted file only has 1 layer of protection...
Besides, if you want to use hardware wallet, you need to remember:
1. The 12-word/24-word seeds.
You don't need to remember this... you just need to store it securely.
2. The PIN.
Yeah... 4-6 digit numbers that you get to choose are so hard to memorise...
3. The passphrase.
Yes, just like your encryption password for your encrypted keys
4. The encryption password for the seeds (if you do backup on that).
Yep... so that's one extra password I need to remember...
5. The encryption password for the PIN (if you do backup on that).
6. The encryption password for the passphrase (if you do backup on that).
Seriously? Encrypt my pin? and why would you encrypt your passphrase? It is the same thing as remembering your encryption password AND it potentially leaves evidence that your passphrase exists
In total... you only need to remember 2 passwords/passphrases... One is the encryption password for the secure backup of your seed... and the other is the passphrase that protects your hidden wallet.
With the method I laid out in my steemit article, you only need to remember:
1. The encryption password for the keys.
If my method is not far more convenient, I don't know what is.
1 passphrase vs 2. Technically, yes it is more convenient... but it certainly isn't "far more" convenient.
Buying a 2nd computer is compulsory for maximum security, regardless of whether you go for hardware wallet or not.
Why do you need a 2nd computer? Hardware wallets allow you to use any computer/device you like... as they don't expose the keys to the device. That's the whole point. You don't need to be using an "offline" computer to set them up or use them.