Another tricky one is geographic distribution of multisignature keys; there's little personal security gained if you keep a quorum of keys in one location!

I've designed a workflow to encourage geographic separation of each device alongside their respective backup, but it's still rough around the edges. Some users may want to sit down and create all their backups at once, but then there's risk that they mix them up or get lazy and never distribute them into separate locations.

Discussion

nostr:npub1q6mcr8tlr3l4gus3sfnw6772s7zae6hqncmw5wj27ejud5wcxf7q0nx7d5 have you thought about this particular challenge?

I’ve compartmentalized the problem for now until I get further along.

The basic idea I am working with is that the wallet component has its own key managed by the client user application. It never sees the owner’s key and vice-versa, the user never needs to see the wallet key. If there is a problem, the wallet can be replicated to a new instance and the old one burnt.