m/87'/0'/0'/[UNIX-TIME]/{0,1}/* would work well with the backup scheme @salvatoshi proposed.
A date is easy to render in a user friendly way “did you create this wallet on …”.
One downside is that co-signers know your xpub. This is what makes the descriptor backup scheme work. They can’t find your single-sig wallet, as that has different purpose derivation.
It would take them some brute force to find the other multisigs (pick a random date, derive N pub keys, see if they appear in a OP_CHECKSIGADD). If the user uses MuSig2 in these other multisigs and never a recovery path, it would be impossible to find, unless you also know the xpub of their cosigner in the other multisig.
Wallets could recommend that the user manually picks a unique account number. As long as that’s below 1 million or so it wouldn’t break the backup scheme, as during recovery it can iterate through many account numbers.