by Spooky23 3057 days ago
Use an out-of-band password manager, whose key is never transmitted over a network. Or a notebook that is physically secured. There are a number of solutions for password vaults, and you can use a variety of means to synchronize them if needed.

The notion that it's a good idea to trust a browser extension for secrets management is pretty bizarre to me if you're protecting high value assets.

1 comment

As always, it depends on your threat assessment and what is practically possible. For the vast majority of users, using a password manager browser extension [1] is a large improvement over password re-use over dozens of sites. Most folks will also not want to put in the effort to use an out-of-band password manager.

(Not directed at you personally, but I often hear such comments from people who are then perfectly fine with using a password manager in X11, where in the default configuration every application can read your keystrokes, screen grabs, clipboard, etc.)

[1] Preferably one that communicates with an out-of-process password manager over an authenticated channel like 1Password.
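The authenticated channel between a browser extension and an out-of-process password manager mentioned in footnote [1], as an added example that is not from the original thread and is not any vendor's protocol. The message framing is the real native messaging format Chrome and Firefox use to talk to a host process (32-bit native-endian length prefix plus UTF-8 JSON, 1 MiB host-to-browser limit); the pairing secret, the HMAC tag, the per-direction counter and the `AuthenticatedChannel` class are an illustrative design of my own, and the exchange in `demo()` is constructed for the example.

```python
import hashlib
import hmac
import json
import os
import struct

# Native messaging framing used by Chrome and Firefox: a 32-bit native-endian
# length prefix followed by UTF-8 JSON. A host may send at most 1 MiB per message.
MAX_HOST_MESSAGE = 1024 * 1024


def frame(obj: dict) -> bytes:
    body = json.dumps(obj, separators=(",", ":")).encode("utf-8")
    return struct.pack("@I", len(body)) + body


def unframe(buf: bytes) -> dict:
    """Parse exactly one framed message; refuse oversize or truncated input."""
    if len(buf) < 4:
        raise ValueError("short header")
    (n,) = struct.unpack("@I", buf[:4])
    if n > MAX_HOST_MESSAGE:
        raise ValueError("message exceeds native messaging size limit")
    if len(buf) != 4 + n:
        raise ValueError("truncated or trailing data")
    return json.loads(buf[4:].decode("utf-8"))


class AuthenticatedChannel:
    """Assumed design (not any product's protocol): both ends hold a pairing secret
    established out of band, e.g. a one-time code the user copies from the desktop
    app into the extension. Every message carries a strictly increasing counter and
    an HMAC-SHA256 over counter || sender || body, so a local process that can write
    to the host's stdin, or a page that tricks the extension, cannot forge or replay
    requests without the secret."""

    def __init__(self, pairing_secret: bytes, role: str):
        # Derive a channel key so the raw pairing secret is never used directly.
        self.key = hashlib.sha256(b"ext-host-channel-v1|" + pairing_secret).digest()
        self.role = role      # "extension" or "host"
        self.send_ctr = 0     # last counter we sent
        self.recv_ctr = 0     # highest counter accepted from the peer

    def _tag(self, ctr: int, sender: str, body: bytes) -> str:
        data = struct.pack(">Q", ctr) + sender.encode("utf-8") + b"\0" + body
        return hmac.new(self.key, data, hashlib.sha256).hexdigest()

    def send(self, payload: dict) -> bytes:
        self.send_ctr += 1
        body = json.dumps(payload, sort_keys=True, separators=(",", ":")).encode("utf-8")
        envelope = {"ctr": self.send_ctr, "from": self.role, "body": body.decode("utf-8"),
                    "tag": self._tag(self.send_ctr, self.role, body)}
        return frame(envelope)

    def recv(self, wire: bytes) -> dict:
        env = unframe(wire)
        try:
            ctr, sender, body_s, tag = env["ctr"], env["from"], env["body"], env["tag"]
        except (KeyError, TypeError):
            raise ValueError("malformed envelope")
        if not (isinstance(ctr, int) and 0 < ctr < 2**64 and isinstance(sender, str)
                and isinstance(body_s, str) and isinstance(tag, str)):
            raise ValueError("malformed envelope")
        body = body_s.encode("utf-8")
        # 1. Authenticate before trusting any field, with a constant-time compare.
        if not hmac.compare_digest(self._tag(ctr, sender, body), tag):
            raise ValueError("bad MAC: forged or tampered message")
        # 2. Reject reflected messages (our own role) and replays (stale counter).
        if sender == self.role:
            raise ValueError("message reflected from our own side")
        if ctr <= self.recv_ctr:
            raise ValueError("replayed or out-of-order message")
        self.recv_ctr = ctr
        return json.loads(body_s)


def demo() -> dict:
    """Constructed exchange: a genuine fill request, a replay, and a tampered copy."""
    secret = os.urandom(32)                       # constructed pairing secret
    ext = AuthenticatedChannel(secret, "extension")
    host = AuthenticatedChannel(secret, "host")
    results = {}

    wire = ext.send({"op": "fill", "origin": "https://example.com"})
    results["request_ok"] = host.recv(wire)["origin"] == "https://example.com"
    reply = host.send({"status": "ok", "username": "alice"})
    results["reply_ok"] = ext.recv(reply)["username"] == "alice"

    try:                                          # the same bytes delivered twice
        host.recv(wire)
        results["replay_rejected"] = False
    except ValueError:
        results["replay_rejected"] = True

    wire2 = ext.send({"op": "fill", "origin": "https://example.com"})
    tampered = wire2.replace(b"example.com", b"exampl3.com")   # same length, MAC breaks
    try:
        host.recv(tampered)
        results["tamper_rejected"] = False
    except ValueError:
        results["tamper_rejected"] = True
    # A rejected message must not consume the counter: the genuine one still works.
    results["genuine_after_tamper_ok"] = host.recv(wire2)["op"] == "fill"
    return results


if __name__ == "__main__":
    print(demo())
```

In a real deployment the browser, not the extension, launches the host process named in a native messaging manifest, and that manifest pins which extension IDs may connect; the pairing secret here covers what the manifest does not, namely other local processes that can reach the host and pages that manage to drive the extension.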