Right off the bat, password protecting your backups should not be seen as any form of ransomware protection. Ransomware does not have to be able to interpret your files in order to be able to encrypt them. It would simply apply its own encryption on top of the encryption used within the backup files. The purpose of password protecting backups is to restrict the ability to access the contents of the backups, e.g. to prevent random people from being able to access confidential/sensitive data, especially if the backup drive were to fall into the wrong hands. It is NOT to protect against malicious modification.
With that out of the way, Image Guardian in my view is certainly an improvement over not having Image Guardian. But it cannot protect backups as effectively as an air gap can. No software could. Most ransomware does not run with elevated privileges because it typically does not need them to do its damage, and in those scenarios Image Guardian would be a highly effective tool. But if ransomware DID gain elevated privileges by tricking the user into accepting a UAC prompt or by exploiting a privilege escalation vulnerability, then there's no way that Image Guardian or anything else could guarantee the security of your data, because at that point you have one admin-level bit of software fighting another one. Also, Image Guardian specifically does not attempt to prevent ALL possible means of affecting your backups. I mentioned recently in another thread that Image Guardian will do nothing to stop you or malware from formatting a volume that contains Reflect backups, or applying full volume encryption to it. That is simply not what it is designed to do. Both of those operations require admin-level privileges, however. (My post is in this thread
if you care for some reading.)
That said, security and convenience are often diametrically opposed goals, so everyone has to decide what level of security they actually need and are willing to live with. I personally use Image Guardian for my external hard drive that is connected all the time, but I also have a mostly-offline drive that serves as a clone of my external drive but only gets updated periodically. And I also back up my truly crucial data to the cloud.
In terms of a software solution to take a partition offline and then bring it back just for Reflect, there's no secure way to do that. I've seen a few users here ask for a way to have Reflect remove a drive letter assignment from a destination drive after sending a backup to it. And I even wrote a PowerShell script once that would do that, as well as finding the correct volume and creating the drive letter assignment before the backup started, mostly just to see if I could make it work. But that is security by obscurity, which is no real security at all. And ransomware has been shown not to spare hidden volumes.
Bottom line: There is no substitute for a proper air gap. But if you want it, then there are no shortcuts either, at least not any that preserve the security of an air gap that made it attractive to you in the first place.