Board: Development & Technical Discussion
Topic: Seed phrase security (post-quantum)
by Adam_xx on 18/01/2023, 09:56:25 UTC
If a user wants to use the mnemonic seed words for his wallet even in a few years/decades/..., will the same 24-word seed be safe even in the post-quantum era? According to the BIP39 standard, it is protected by the HMAC-SHA-512 hash function, so we assume that it is quantum-resistant (at least 256 bits of security post-quantum?). Let's not talk about whether QC are a real "threat" or what PQC will look like, but just discuss the safety of those 24 words.

1) Do you think that from a UX point of view it will be possible to keep the existing seed and just generate new PQC keys with a new derivation path?

2) I assume users with 12 words (128 bits of entropy without passphrase) would have to migrate to 24 words (256 bits of entropy), as 128 bits of entropy is probably reduced to only 64 bits with Grover's algorithm.
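A worked example, added here and not part of the original post, that computes the BIP39 seed with PBKDF2-HMAC-SHA512, derives the BIP32 root from it, sketches the "same seed, new derivation" idea from point 1 with a hypothetical domain label (no standard defines such a label; it is an assumption of this example), and computes the entropy per word count and the Grover halving from point 2.

```python
import hashlib
import hmac
import unicodedata

# Added example, not code from the post. BIP39 seed and BIP32 root steps follow
# their specs; the PQC label below is a hypothetical placeholder, not a standard.
BIP39_ROUNDS = 2048
BIP32_MASTER_KEY = b"Bitcoin seed"          # real BIP32 HMAC key
PQC_MASTER_KEY = b"hypothetical PQC seed"   # assumption: no BIP defines this


def bip39_seed(mnemonic: str, passphrase: str = "") -> bytes:
    """BIP39: seed = PBKDF2-HMAC-SHA512(mnemonic, "mnemonic" + passphrase, 2048, 64)."""
    pw = unicodedata.normalize("NFKD", mnemonic).encode()
    salt = ("mnemonic" + unicodedata.normalize("NFKD", passphrase)).encode()
    return hashlib.pbkdf2_hmac("sha512", pw, salt, BIP39_ROUNDS, dklen=64)


def master_secret(seed: bytes, label: bytes = BIP32_MASTER_KEY) -> tuple:
    """BIP32 root: HMAC-SHA512(label, seed) -> (32-byte master key, 32-byte chain code).

    A different label (the hypothetical PQC one) yields an output that is
    independent of the BIP32 root: the same seed can feed a separate key tree.
    """
    digest = hmac.new(label, seed, hashlib.sha512).digest()
    return digest[:32], digest[32:]


def bip39_entropy_bits(word_count: int) -> int:
    """ENT from word count: 11 bits per word minus the ENT/32 checksum bits."""
    if word_count % 3 or not 12 <= word_count <= 24:
        raise ValueError("BIP39 mnemonics have 12, 15, 18, 21 or 24 words")
    return word_count * 32 // 3


def grover_effective_bits(entropy_bits: int) -> int:
    """Brute-force cost against a k-bit secret drops to about 2^(k/2) under Grover."""
    return entropy_bits // 2


# Constructed input: the BIP39 spec's first published test vector
# (all-zero entropy, passphrase "TREZOR").
MNEMONIC = "abandon " * 11 + "about"

if __name__ == "__main__":
    seed = bip39_seed(MNEMONIC, "TREZOR")
    k_ec, _ = master_secret(seed)
    k_pq, _ = master_secret(seed, PQC_MASTER_KEY)
    print("seed    :", seed.hex())
    print("BIP32 k :", k_ec.hex())
    print("PQC k   :", k_pq.hex())
    for w in (12, 24):
        e = bip39_entropy_bits(w)
        print(f"{w} words: {e}-bit entropy, ~{grover_effective_bits(e)} bits against Grover")
```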