Board Hardware wallets
Re: Hardware Wallet Hacked?
by o_e_l_e_o on 26/10/2019, 20:47:21 UTC
This one...um....30+ character passphrase? It's hard enough getting people to use more than a 5 or 6 digit pin. You want them to use a full 30+ character saying or group of words?
It's an unrealistic expectation, but it is technically correct.

You can read the report from Ledger where they reported on this attack here: https://ledger-donjon.github.io/Unfixable-Key-Extraction-Attack-on-Trezor/

Near the bottom there is a paragraph entitled "Mitigation" where they explain their reasoning. If the seed can be extracted, then the entire security of the wallet rests on the passphrase. They suggest a passphrase of 37 random characters (not a phrase or series of words) is necessary to reach the same level of security as a 24 word mnemonic phrase would on its own.