> If you are an important politician, an opposition figure or a dissident of some kind, some unfriendly country might decide to invest lots of money in order to gain access to your data. A six-word password (77 bits of entropy) should be out of reach even to those actors for the foreseeable future.
In case you are in this position, I fear that increasing password strength is one of your least worries. We saw with the LastPass breach that it is possible to install a keylogger on one of the security specialists' machines, which ultimately defeats any password. IMO you'd better find a specialist or a company you trust to safeguard your devices from any malicious apps.
Yes, nothing I wrote negates the need for other security precautions. Keeping around software which is accessible from the internet while not installing any updates for it (the vulnerability in question was already two years old) – obviously a bad idea. Installing software updates in a timely manner is always the first step for everyone.
But to address a specific concern of uploading your passwords to the cloud, a strong master password is a solution. And: no, keeping all passwords stored in a local file is far less convenient but not necessarily more secure.
P.S. A mandatory XKCD comic: https://xkcd.com/538/