Use two layer customized authentication (Score 1)

I am developing a scheme of double layer customized authentication method with sysmask: http://wims.unice.fr/sysmask/doc/auth.txt.

Put a whatever password in the usual /etc/shadow. Usually a weak but easy to remember one.

When this password is accepted, put the user to a strong quarantine jail with a sh environment that can only be used to enter a second layer passphrase or any other custom authentication method.

The second layer authentication can be a long but easy to remember phrase, enforced using a simple custom shell script. I myself am using interactive methods which is even stronger: even if my ssh line is cracked, the password is not leaked.