Here's where the magic happens. I use keepass, and let it create a high entropy passphrase for me. Then I let keepass type the passphrase in for me.

Everyone says don't inter your seed phrase online, and I agree. I only enter my passphrase online. And keepass has a number of settings to circumvent key loggers.

But let's face it. If by some miracle someone spoofed my passphrase. They still need my seed phrase. The likelihood of getting both is slimming and none, and slim has left the building..💻💎🧡🤠🗽