"okay, who should I use instead? Or do I go back to using one password for everything?"
Given that "using one password for everything" is such a terrible idea that we can discount it as probably worse than storing your passwords in a cloud-based vault, you land on what your family member has given you as the other option: "what should I use instead".
Ultimately if* there are no password managers available that will do syncing of locally stored vaults, then there are actually multiple options here:
1. Accept that the convenience (of device sync) here trumps the security issue that storing passwords in a cloud-based vault causes.
2. Should there be no options that allow for device sync /and/ local-only vaults then there is another option which is to not do automatic syncing.
Option 2. is somewhat inconvenient (how much depends on who you are and what you do), but it is still an option.
Personally, Option 1. is a line I'm not willing to cross. I see single repositories of 10s to 100s of thousands of people's passwords as a "password piñata", a massive target for attack, and so I'd take the inconvenience over the compromise. That said, I'm lucky to have a 1Password 7 still so do have local vaults and sync, but there's not a chance in hell I'm uploading this stuff to a central repo.
* Enpass might do what you want. It was a suggestion in the comment thread here.