@elduvelle I personally use KeepassXC, primarily because it has a pretty good track record and no sketchy VC-backed company behind it with potential plans to hold all my login data hostage...

As for the risk that it itself gets hacked: yes, that risk does technically exist. There are ways to reduce that risk (using one that runs only locally, like KeepassXC, using one that's well-reviewed by security experts and open-source, etc.) but the chance is never zero.

But the main reason that password managers are still a good recommendation, is because of what the alternative is for most people: using the same password on every site, or some kind of procedurally generated password (which is not really any more secure) because there's only so much stuff you can remember. If you do that, then if one site gets compromised, it can leak your password for everything! Password managers don't have that risk, as long as your 'master password' has never been used on a site directly.

For the same reason, a physical notebook (not a text file) with a randomly generated password is also a completely fine option, even if some people make fun of it. As long as you use a trustworthy password generator. A notebook can't be hacked over the internet at all!

For the rest of the questions, I can only answer for KeepassXC: it does not require the internet in any way. It also does not synchronize between devices, though you *can* just sync over the file with something like Syncthing or Dropbox (it's fully encrypted), and compatible clients exist for various platforms. It's not the nicest interface but in terms of "just doing the thing I want it to do" it's been great.

Honestly the bottom line is that passwords just kinda suck, they're not a very good mechanism. But a password manager (or notebook), and some kind of two-factor authentication, gets you to as good as a place as is possible with passwords. And passwords are usually the only choice you get.