The claim that Nash is more secure is based on the fact that limits can be placed on how much can be withdrawn. With hardware wallets e.g. on a ledger, once your 4-8 digit pin code is known, an attacker can immediately drain the wallet to 0 and there’s nothing you can do about it.
With Nash however, you can whitelist certain addresses or limit how much can be withdrawn in a 24 hour period e.g. 5 ETH worth. So say for example your login details are compromised e.g. phishing, an attacker is unable to drain the wallet because none of his wallet addresses are on your approved list and the maximum he could withdraw is 5 ETH worth of crypto. This way, you’ll have time to act by revoking this login’s access entirely with your 12 word seed.
Simplest way to think about this is you have a user key (login) and an admin key (12 word seed).
The idea is your everyday login is protected, but you are still in sole control of your funds through your 12 word seed which is ideally kept somewhere safe. For purchases larger than this self-imposed limit, it would be impractical to expect users to remember another set of credentials to override this but there are some ways to overcome this.