I found every reply valuable. I've read a lot about passphrases.
I would definitely keep that info offline--NO cloud--and having a portable .kdbx file is gold.
Got the keep(XC) stuff from repo. Brave new world now
Appreciate the perspectives and especially the clarity. Thanks.
Solved---(I have a plan 🙂)

Brent, the only thing about keeping it offline (which is probably better than keeping it online), is that someone tidies your desk and throws that scrap of paper away and your mind is now lost (and all your accounts). Been there.

    dbarron True that. But I was using "offline" in the same context as Josh and Kyrios: a password manager that doesn't connect to the internet or phone home or update itself. I like the digital 'offline' concept. As for the piece of paper, when I migrate to a password manager I probably would keep paper as an insurance. It's morphed into a small booklet! See Staudey above.
    Another poster mentioned password length as well. Can you believe back in the day I'd use the same password for multiple accounts? But now? No no no. Like you said, enough to lose your mind besides now being too cumbersome.

      Brain is the best manager: build a story around the password so you remember it. Even if I forget the password, my wife remembers it (mainly bank related) 😀
      The rest of the passwords I am not worried about; they are just stored in Gmail Keep with twisted key=value so no one can decode.
      South Korean bank users use a Korean PKI memory stick to log in for public/private handshake.

      As other people explained why a password manager is probably better (cheers to @kyrios for the example of a phone taking a picture of your list, if hacked). And you know why it's better for your password list to not be on the cloud (because for example NSA eventually could order it to be given to them or something like that... although a good password can take years to be broken, soon governments and big companies will have quantum computers which will crush passwords in seconds).
      So it's best for your password list to be in your hands...
      And now the new part: you can actually use the option for a key file (essentially you must browse and select a file like a picture to be your authentication; you should be warned that if a picture is opened even with an image viewer it can change its metadata, thus making you unable to open your kdbx file).
      So it's most secure to have a local passwords file with a strong master password and a key file 😃
      Also hide your characters when entering passwords and I think you could do something more to stop brute force attacks.
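
The key-file caveat above, as an added example that is not part of the original post: record a SHA-256 digest of the key file when you start using it, then check the file against that digest before suspecting the master password. The file name and the fake "image" bytes are constructed for the demonstration.

```python
import hashlib
import hmac
import os
import tempfile


def keyfile_digest(path):
    """Return the SHA-256 hex digest of the file's exact bytes."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


def keyfile_unchanged(path, recorded_hex):
    """True if the file still matches the digest recorded at enrolment."""
    return hmac.compare_digest(keyfile_digest(path), recorded_hex)


def demo():
    # Constructed sample: a fake "image" with a metadata field and pixel data.
    original = b"FAKEIMG\x00comment=holiday 2019\x00" + bytes(range(256))
    # Constructed stand-in for a viewer or editor rewriting the metadata.
    rewritten = original.replace(b"holiday 2019", b"holiday 2020")
    with tempfile.TemporaryDirectory() as d:
        path = os.path.join(d, "keyfile.img")
        with open(path, "wb") as f:
            f.write(original)
        recorded = keyfile_digest(path)  # keep this with the offline backup
        before = keyfile_unchanged(path, recorded)
        with open(path, "wb") as f:
            f.write(rewritten)           # same length, one byte differs
        after = keyfile_unchanged(path, recorded)
    return before, after


if __name__ == "__main__":
    print(demo())
```

A mismatch means the file is no longer the one the database was set up with; restore it from a read-only backup copy rather than retrying passwords.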

        Emperor If the NSA is going to ask for your data they won't bother asking for the password, they'll just go to the company holding your data and ask for it, no need for passwords. 😁

          Justin Well there goes the thread, you have to bring truth into it 🤣

          brent if you use a strong master password then you can keep the password database on the cloud

            Justin That's right 🙂
            But passwords are also used to read encrypted files/documents, so in that regard it can be useful.
            Thus you can give someone else the password to decrypt files you send to him via the internet.

              Snoober I don't subscribe to this point of view because

              • Some people think they have a strong password but actually it is not, or it can be deduced with some social engineering
              • Once your password DB is in the cloud, it can be downloaded and then the attacker can take all the time he wants to perform his attack, and it's cheap and easy to rent CPU/GPU power nowadays, or better, he can wait for a vulnerability to break or bypass the security. Changing your master password or patching your application won't save you.

              Even if it takes years, once someone evil gets access to your passwords the chances are high that some passwords haven't been changed, and for the others, the attacker can see your password style, find some logic in them, see if you reuse some password or use very similar ones, etc.

              This gives a great feeling of being safe while you may have been hacked and be vulnerable.

              There is a very simple rule, consider internet as a public place. Don't put anything you don't want to share with the world on the net.
              Just compare the internet to the street. You leave your bicycle on the street, anyone can take it. You attach it with a lock, even a strong one, the chances your bicycle won't be there the next day are high.
              Leave it in your garage (=offline), the chances it gets stolen are much lower.

                Emperor Thus you can give someone else the password to decrypt files you send to him via the internet.

                Heurm.. Public/private keys are a thing... 😉

                  kyrios For me not xD
                  That was just the first thing that came to my mind for my defence.
                  But I will still admit that Justin nailed it: it looks like against NSA it's useful only if you have something offline, not in the logs of corporations... making it pretty limited.
                  Still, though, for everyday security it makes a lot of sense to keep everything you don't want to share locally.
                  But I am still almost wrong about governments/NSA as they really have other ways of accessing your information.
                  So against them can local storage help? If used to store password for Riot for chatting(have no idea if that makes any sense, but I will still throw it here) or something else?

                  Staudey The most general rule for privacy and security after "Don't put anything you don't want to share with the world on the net" (kyrios)... is probably "Don't put all of your eggs in one basket"
                  Also you should prefer to generate passwords locally instead of from a website + KeePassXC gives you the choice to use ExtendedASCII, making a far more complicated password.

                  I got the joke when I clicked the link 🙂
                  I have a booklet of good passwords. Eventually I will delegate them into an offline password manager with a traveling kdbx file if necessary.
                  My passwords will never be online. And never be in the cloud on purpose.
                  This sounds like a plan to me.
                  The NSA bothers me not--I am boring all around. ***Online trackers building personality/financial profiles of me and you bother me a lot more. Firefox Pocket suggestions and YouTube suggestions terrify me. At least I could disable Pocket.
                  kyrios --I love when you chime in with the common sense to remind us all of online decorum/protocol.
                  Thank you all for the fantastic perspectives. I got what I needed: SOLVED.

                  edit: added a bit

                  [deleted]
                  The browser extension allows full control of the manager for those who prefer not installing Snaps, Flatpaks, or AppImages.