::
How often are your email, bank account, Netflix account, etc. getting their passwords stolen out from under you? Those usernames are generally just a email address that’s not private and easily guessed.
A wallet is like a username with 24 random words that has a 25th word (pass phrase) as the password …this is an analogy of course.
I could start brute forcing your email address simply by knowing your email address because you sent me an email.
Simple digital security practices eliminates most risk and 2FA is still nothing compared to the entropy of 24 word seed phrases.
TLDR; common digital use cases are exponentially more vulnerable to key loggers but completely avoidable too. Hardware wallets are monumentally more secure even when exposed to similar threats.