I like it. Perhaps you can use a weird idea of mine.

You can discard/modify part of a password before sending it to your backend. Then, when you log in the server has to brute force the missing part.

One could extend this with security questions like how many children pets and cars you own. What color was your car in 2024. Use that data to aid brute forcing.

The goal would be to be able to decrypt with fewer than 5 shards but make it as computation heavy as you like. If no one remembers the pink car it will take x hours longer.