* Do you know of the 5 axis of attack areas you should be aware about - Browser, Network, Software, Email, Password
4 of them (Browser, network, software, email) are circumvented by storing your coins offline.
A strong password is necessary to be secure against physical access (e.g. hardware wallet / cold wallet on a computer).
Regarding the hardware wallet: Most do wipe the data after X wrong attempts to enter the pin (e.g. ledger nano after 3 times).
Regarding the cold wallet on a PC: You could use an encryption algorithm with tons of iterations to slow down the decryption process -> Bruteforcing no longer possible even with only a 6-8 char alpha numerical password.
* If both your phone and laptop were stolen tomorrow, are you prepared against loss of assets and for recovery?
Simple question.
If your coins are stored on a hardware wallet: Nothing lost, you still have full access as the only person.
If your coins are stored on a desktop- / mobile wallet:
- One should always have his wallet protected (encrypted private keys trough password / android mobile always encrypted (which is default with android 7+) + no developer mode + not rooted + locked with a pin)
- One should always have a backup of the seed used
If both points apply, it is not a problem within the next few hours / days / weeks in which you should recover your coins with your backup and send them to a freshly created wallet.