semisol @Semisol - 21d
The best multisig protection model is that physical time and distance requirements. No duress PIN will protect you when they can extract your multisig descriptor from your laptop or a physical backup and check, or know your amount of holdings. A wipe/brick feature will be as good as giving no PIN. Physical backups will always be a weakness too.
What changes? Except that you know someone tried to access it and failed, and that’s what the failed PIN counter is for
Data loss. And you can still be held at gunpoint.
I’m working on a lot more than that… :)