It seems like the recommendation for validator mnemonics is to just write them down (e.g., engraved on a metal card) and store them in a safe place. However, I am concerned about this “single point of failure” (e.g., bad guy robs my house and gets immediate access to withdrawing my stake). What is the typical solution to this? I am thinking either I can split the words in the mnemonic (e.g., 12 stored physically and 12 stored in a password manager), or use a mnemonic password (memorized and/or stored in a password manager). That way, it would require a breakdown of security in two separate places for things to be compromised. The password option also gives an additional possibility of a “decoy password” that points to a low-value account.
The mnemonic-password flag is supported by eth2-deposit-cli, but only for existing mnemonics. It seems like the use of this is discouraged. But I am not exactly sure why; it seems like a useful solution to me. Really appreciate any pointers here. Thanks!
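How the two options in the question behave, as an added example that is not part of the original post or of eth2-deposit-cli's code, assuming the standard BIP-39 seed derivation. The passphrase is mixed into the seed with no checksum, so a decoy or a typo each yields a different, equally valid seed, and `remaining_bits` estimates the search left to someone holding only part of the words. The mnemonic is the public BIP-39 test vector, the passphrases are constructed, and the function names are hypothetical.

```python
import hashlib
import unicodedata

# Public BIP-39 test-vector mnemonic (constructed input; never use for real funds).
TEST_MNEMONIC = "abandon " * 11 + "about"


def bip39_seed(mnemonic: str, passphrase: str = "") -> bytes:
    """BIP-39 seed: PBKDF2-HMAC-SHA512, 2048 rounds, salt = "mnemonic" + passphrase."""
    def nfkd(s: str) -> bytes:
        return unicodedata.normalize("NFKD", s).encode("utf-8")
    return hashlib.pbkdf2_hmac(
        "sha512", nfkd(mnemonic), b"mnemonic" + nfkd(passphrase), 2048, dklen=64
    )


def remaining_bits(total_words: int, known_words: int) -> int:
    """Approximate brute-force work (in bits) left to someone who holds
    `known_words` of a `total_words` mnemonic. Each word carries 11 bits;
    the checksum (8 bits for 24 words, 4 for 12) prunes invalid guesses."""
    checksum_bits = total_words * 11 // 33
    return (total_words - known_words) * 11 - checksum_bits


def compare_passphrases() -> dict:
    """Derive seeds for one mnemonic under several passphrases (all constructed)."""
    cases = {
        "none": "",
        "real": "TREZOR",          # passphrase used by the BIP-39 test vectors
        "decoy": "decoy-pass",     # hypothetical decoy passphrase
        "typo": "TREZ0R",          # one-character slip of the real passphrase
    }
    return {name: bip39_seed(TEST_MNEMONIC, p).hex() for name, p in cases.items()}


if __name__ == "__main__":
    for name, seed_hex in compare_passphrases().items():
        # Every passphrase gives a well-formed 64-byte seed; nothing flags the
        # typo as wrong, it simply leads to different validator keys.
        print(f"{name:>5}: {seed_hex[:16]}...")
    print("bits left with 12 of 24 words known:", remaining_bits(24, 12))
```

The typo case shows the operational risk of a passphrase: a mistyped or forgotten passphrase produces no error, only different keys, so it needs its own backup separate from the mnemonic.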