2 of 2 multisig setup that's better than any 2of3 and you only need 2 HW, 1 seed and no wallet files.

Here’s a novel multisig setup that checks all the security boxes and only requires 1 seed plate + passphrase and 2 hardware wallets, one being a Coldcard and the other one of your choice. The heart of this setup requires a basic understanding of BIP85 however. While few people understand how the seed words we keep, break down simply to become a 256 bit number that we use as entropy into a system which can deterministically create billions of private keys for us to use, even fewer understand how that same process can be used to NOT just create private keys but other sets of seed words and even passwords. Coldcard is the only manufacturer who currently includes the ability to use BIP85 which is why it’s required. I’ll go over the setup first and then break down the game theory behind it.

First, use the coldcard to generate your seed entropy noting that coldcard uses the random number generator from the Microcontroller and both Secure Elements which are sourced by different manufacturers on different parts of the globe and combines all three values and then hashes them to “whiten” them and remove any potential bias contained within them. If you want, you can roll dice and add even more entropy yourself to create a super duper random value to use as your seed words. You save the words in the coldcard and etch those into a metal plate. You then enter a secure passphrase and record that separately as well. Now you use the Coldcards BIP85 feature to derive a new set of 12/24 seed words at index 0. You write these down on paper. Next you do the same thing again but derive a 12/24 seed word set at index 1 and record these on paper.

Next you destroy the seed on the coldcard and start over. This time you enter in the 12/24 words you wrote down on the piece of paper for index 0. Once you’re done, you do the same thing with your second hardware wallet, entering in the seed words you wrote down for index 1. You then burn both the pieces of paper destroying them. You aren’t worried since you know you can re-build them using the etched metal seed words and your passphrase. You then can proceed to set up a multisig using both hardware wallets. You then drive over a state and store your metal plate in a secure, unknown, new geographic location. (for this example lets say its securely hidden in your Aunt Marges barn on her farm) As for the second hardware wallet, you store that in a safe deposit box in a bank at least 1 hour or more from your home. (or across the country or whatever, I’m just giving an example)

Now no wallet files are needed since you are basically just using a two of two and can re-build your wallet file from either the two hardware devices or your seedplate/pass. Now the 2 of 2 multisig exponentially increases your security in a variety of ways since your not trusting any 1 device. (Note: the BIP 85 functionality can easily be verified so no need to trust the coldcard) If someone tries to do a $5 wrench attack on you, you have the security of geographic key distribution which is crucial. If you really want to have a copy of your wallet file you can make one and encrypt it using a super long secure passphrase generated by the coldcard as well…lets say index 3. (Just wanted to throw that out there as an option) With a highly encrypted digital wallet you can email to yourself and keep a copy on an insecure cloud to make sure you don’t loose it.

Game Theory: If your Coldcard at home is lost of damaged you can use your seedplate/pass to restore it. If the second hardware wallet at the bank is lost/stolen you can rebuild that in the same way. If your seed plate is lost/stolen you use your existing devices to move funds to a new seed plate following the same setup. I think this is a win/win over all. No multiple seed plates, no multiple wallet files.

Or course you can extend this further to do a 3 of 3 spread over 3 locations. Again, using BIP85 one seedplate/pass is all you need for backup. Inheritance can also be easily built in using seed xor. I'll write more about that next if yall are interested.