Monero cold storage — long-term safe self-custody

The cold-storage spectrum (least → most secure)

Encrypted hot wallet on a personal device. Wallet on your phone/laptop, strong passphrase. Convenient. Fails to: malware, device theft + brute-force, screen-recording.
Paper / metal seed backup, hot wallet for spending. Seed words on metal, hot wallet for daily use. Survives device loss. Fails to: physical theft of the metal, photo-of-seed, family member finding it.
View-only wallet on online machine, offline signing. View-only sees balance + builds tx; offline air-gapped wallet signs. The signed tx file moves via QR/USB. Defends against malware on the online box.
Hardware wallet (Trezor / Ledger / Cypherock). Keys never leave the device. Tx is built by the host, signed by the HW. Practical for most users.
Multisig (2-of-3 / 3-of-5). Multiple devices/keys required to spend. Survives single-device compromise. Setup complexity is real — practice the recovery.
Sharded seed (SLIP-0039 / Shamir). Seed split across N locations, M needed to reconstruct. Often combined with multisig. Most paranoid tier.

< 1 XMR / spending money: hot wallet with strong passphrase is fine. Don't over-engineer.
1–50 XMR / personal savings: hardware wallet OR view-only + offline signing. Metal seed backup.
50+ XMR / serious holdings: multisig 2-of-3, geographic separation of key locations. Test recovery before you depend on it.
"State adversary" threat model: multisig + sharded seed + plausible deniability via hidden wallet passphrase.

Generate the wallet on an offline machine (ideally a permanent air-gap — Tails / hardened laptop with WiFi/BT physically disabled).
Export the view-only key from that wallet.
Import view-only on your online machine — it sees the balance, can build unsigned transactions, cannot spend.
To send: build unsigned tx on online machine → write to QR/USB → import on offline machine → sign → write signed tx to QR/USB → broadcast from online machine.
Verify the destination address on the offline machine before signing. Malware on the online box can swap an address before you see it.

Trezor Model T / Safe 3: native Monero support via Monero GUI / Feather. Strong pick.
Ledger Nano X / S Plus: Monero supported via the Monero app. Closed-source secure element; works fine in practice.
Cypherock X1: built-in sharding (Shamir). Newer, harder-to-find, but architecturally interesting for paranoid users.
Kasshara / Keystone 3: air-gapped QR-only HWs, no USB attack surface.

"I'll remember the passphrase." No you won't. Write it down, test that you can read it back, store separately from seed.
Photo of seed on phone. Phone backs up to iCloud / Google. Cloud account compromise = funds gone. Never.
Single metal backup in a fire-prone house. Two locations minimum. Different addresses, different access patterns.
Hardware wallet "tested" only on send, never on recovery. Always restore the wallet from seed onto a second device and verify before trusting it.
Forgot the wallet exists. Yearly review of all storage locations + balances. Calendar it.
Death without inheritance plan. Multisig or sharded with a trusted recovery path documented. "Just give my brother the seed when I die" is a bad plan.