Definitely recommend a password vault to anyone that doesn't already use one. After this next hack leaks, I imagine you'll get at least a couple of attempts on your email/phone.
I had an identity theft a few years back, still cleaning up from it. At the time I had the typical set of standard passwords that I would use. I thought they were ok since they were pretty random, but I had one for Financial, one for Web Services, etc., so of course when the creds leaked, I suddenly had a bunch of credit card bills I never signed up for.
Since then, every password is unique, my default is 31 characters, and 2-factor for everything possible. Unfortunately I initially settled on LastPass, figured that they had hopefully learned their lesson from their breach years ago. Then it happened again recently and I moved to Bitwarden so that I can eventually migrate to a self-hosted solution.
I've been trying to get my family on board for years but it's still too complex. Non-technical folk still will take the path of least resistance, even when the dangers are right in front of their face. We need something better.
I use KeePass with Syncthing as the sync backend. Syncthing comes as a Docker container these days and sets up in seconds; I like how it doesn't rely on a central server and gives you some redundancy.
Also, KeePassXC is a rewrite with better integration, true cross-platform support and more features: keepassxc.org
I don’t know much about them to be honest, and what little I have heard sounded like it was paid for. My knee-jerk reaction is to avoid them. Maybe they’re decent, maybe not. Couldn’t say.