Choice of password storage and deployment seems to be an intensely-personal one that seems less attached to absolute security; it's based on how much one is really willing to trust others, how much one wants to hear about security, how exhausted one is hearing about security... and a lot of confusion because, technical-minded or not, there are a more variables than I think any one human can account for.
It's stressful.
I gave up on making recommendations long ago. Because of stuff like this (the latest lastpass breach), I can't in good-faith recommend cloud-based password storage, but because I know most people aren't as willing to invest a ton of time, I also can't in good-faith recommend "keepass database on cloud storage using an innocuous .png keyfile stored elsewhere that you have to wget on every new device".
It's stressful.
I gave up on making recommendations long ago. Because of stuff like this (the latest lastpass breach), I can't in good-faith recommend cloud-based password storage, but because I know most people aren't as willing to invest a ton of time, I also can't in good-faith recommend "keepass database on cloud storage using an innocuous .png keyfile stored elsewhere that you have to wget on every new device".