Use un-memorable passphrase and store elsewhere, pseudo-multisig without extra costs / signing friction