Single-sig vs. Multi-sig It is crucial to safeguard your bitcoin assets so that:

When properly set up, multi-sig provides the following security benefits:

Multi-sig also offers additional functionality possibilities, such as:

The main reason cited for using single-sig vs. multi-sig is that multi-sig is too complex and thus carries additional risks. However, this is a false sense of security because securely managing a single-sig requires additional complexity, such as:

Passphrases bring multiple risks: Are they random and complex enough to resist brute force attacks? Many hardware wallets offer the option to use BIP39 words, making it easy to enter the passphrase. However, if you use <12 words, your passphrase is weaker than a 12-word seed phrase. There is no standard for securely storing passphrases. You have your seed in steel, what do you do with your passphrase? On paper? On the computer? In your head? How do you guarantee that no one gains unauthorized access? Physical copies of seeds and passphrases: If you lose your seed or passphrase, you can no longer access your bitcoin. Therefore, additional locations are needed to store your passphrase separately from your seed phrase. Additional locations that you must secure and check regularly.

The complexity required to set up a secure single-sig is not lower than setting up a multi-sig. In fact, because you can use standards for multi-sig, it is, in our opinion, a safer solution. The biggest technical drawback of multi-sig is that you need the so-called 'wallet descriptor' to restore your wallet; this issue has been solved by @SeedHammer .

Multisig in a purely technical context is about non-reliance on either a single source of entropy or exfiltration.

Say you do something dumb like store a large amount of Bitcoin in a mobile wallet, well some employee at Google or Apple, or maybe even just an exploit of the device's software, could exfiltrate your key to their servers and sweep your coin without any evidence.

Had you a 2:2 multisig, the phone key alone would be inadequate to sweep.

It could be even less dumb than that, say a clean linux install on a name brand PC with an Intel, AMD, or ARM chip that has NSA-level skewing of the random number generator. Even if it was airgapped, your key could be re-created by an attacker and scanned for outputs.

It could also be a honeypot like a HWW that stealth shipped a similar backdoor.

By using 2+ signatures, no single attack is adequate... it's about requiring multiple coordinated attacks or collusion which vastly increases your security threshold.

Memory is not a storage strategy no matter how much people want to think it is, as there are factors like future cognitive impairment and inheritance scenarios that rule it out for anyone needing a serious setup. 

For passphrasing stuff with encryption, that can be done at a higher layer like keeping encrypted instructions on a cloud drive. The problem with that is password patterns from the 80s are still the zeitgeist.

This old XKCD summarizes my view on passwords: