Users picked their own passphrase, so it depends on how good OP's password picking abilities at the time were. Also, there is hopefully a higher chance he remembers some of a password or passphrase he picked himself rather than one he was given.
In the event anyone else in the same boat is following this thread my post on stack exchange covers how to test decryption of shared seed for a multisig vault
https://bitcoin.stackexchange.com/questions/111851/how-to-test-decryption-of-shared-seed-for-a-multisig-vaultUnfortunately, all my attempts at a password failed. In addition to that, researching my email leads me to believe I was using a password manager that supports strong password creation at the time of the vault creation so I didn't pick a password. That is what rubs me the wrong way in this situation since I stored (what I thought to be) all the essential information for the vault (user seed, shared seed, all three public keys, etc). I was (and still am) a noob and didn't understand any of the working parts.
Continuing down the rabbit hole...
On the topic of brute forcing, This YouTube video covers running BTCRecover with Vast.ai (rented servers)
https://www.youtube.com/watch?v=8Zqc-2Te3zQ and in the first 10 seconds, he states that "In one 24 hour period, with $50 worth of hash power, this could knock over about as much as my CPU could do if it was running for 3 years straight"
I fully understand attempting BIP38 wallet recovery on rented servers is not secure, as there is no ability to do any kind of "Wallet Extract" or anything like that. The server owner would possess the key if decryption succeeds.
My two questions are this:
As my wallet is multisig, does that decrease the risk dramatically?
Assuming the answer to the above question is "yes", I'd be willing to throw a few hundred $$ at this which would get me over a decade of hashing power.
Besides, it will make a funny story if nothing else.
Assuming my password generator did a great job and produced a really awesome completely random password is a decade going to even come close or are we talking over 100 years to crack?
It is not easy to find answers on BIP38, everything seems to be focused on BIP39.