I agree with arubi here. If users start depending on any particular method to input their secret to access their funds, hackers will eventually design trojans to exploit it. Once your OS is compromised you cannot rely on fancy methods of entering your secret into the computer. That will just give users a false sense of security.
This is why multisig is essential. Let the hacker see the funds in your main account; they still won't be able to steal all of your money since the third-party company holding one of the three keys for multisig won't allow a huge transfer of wealth in a 24-hour period without further verification. You could establish your own limits, for example: if less than $100 will be moved today and other limits haven't been reached, then sign as long as my account has already signed the transaction; if greater than $100 will be moved today or greater than $250 will be moved in the last three days, then require a two-factor authentication code that is only accessible from my smartphone; if greater than $3,000 will be moved in the last week, then have an employee call me on the phone, verify I am the one speaking (by comparing to a previous recording of me), and have me confirm that I want to make the transaction; if greater than $20,000 will be moved in the last week, then require that I come to the nearest facility in person to verify my identity using biometrics and confirm I want to make the transaction.
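
The tiered limits in the comment above, written out as a co-signer policy check. This is an added example, not part of the original post or any real service's code; `required_check`, `RULES` and the sample history are hypothetical names and constructed data. It assumes rolling time windows, that the pending transfer counts toward each total, and that an amount exactly at a threshold stays in the lower tier.

```python
from datetime import datetime, timedelta
from enum import IntEnum

class Check(IntEnum):
    AUTO_SIGN = 0    # co-sign once the owner's key has signed
    TWO_FACTOR = 1   # code only reachable from the owner's smartphone
    PHONE_CALL = 2   # employee calls and verifies the owner's voice
    IN_PERSON = 3    # biometric identity check at a facility

# (rolling window, USD threshold, check required above it), taken from the post's tiers
RULES = [
    (timedelta(days=1), 100, Check.TWO_FACTOR),
    (timedelta(days=3), 250, Check.TWO_FACTOR),
    (timedelta(days=7), 3_000, Check.PHONE_CALL),
    (timedelta(days=7), 20_000, Check.IN_PERSON),
]

def required_check(history, amount, now, owner_signed=True):
    """Return the strictest check the co-signer needs before adding its signature.

    history: list of (datetime, usd) for transfers already co-signed.
    """
    if not owner_signed:
        raise ValueError("owner's signature missing; nothing to co-sign")
    if amount <= 0:
        raise ValueError("amount must be positive")
    needed = Check.AUTO_SIGN
    for window, limit, check in RULES:
        # Total moved inside this window, including the pending transfer
        moved = amount + sum(usd for ts, usd in history if now - window < ts <= now)
        if moved > limit:
            needed = max(needed, check)
    return needed

# Constructed sample data: two earlier transfers from the same account
NOW = datetime(2024, 1, 10, 12, 0)
HISTORY = [
    (NOW - timedelta(hours=30), 200),
    (NOW - timedelta(days=5), 2_500),
]
```

With the sample history, a $60 transfer is under the daily limit but still needs two-factor because the three-day total passes $250, which is the cumulative behaviour that stops an attacker from draining the account in small pieces.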