At the end of the day using a hardware device is going to be way more secure than exposing your private key to a general purpose computer.

If vendor and supply chain attacks are in your threat model, then use multisig, otherwise single-sig + passphrase with an airgapped coldcard device should be ok and is simpler to backup over long periods of time. This was my goto-recommendation for ages but I’m not sure how long that will be if supply chain attacks ramp up.

Alternatively you can just do a 2of2 or 2of3 multisig with two different hwws and a tapsigner for convenience. Just make sure to have plate backups for both wallets stored in two physically separate locations.

This is a bit more complicated, this is why Ive always like the simplicity of singlesig + passphrase. Passphrase acts like a two factor in case the physical security of the seed is compromised.