Well, if fear comes from third party, host your own. Hasicorp vault or Bitwarden + dirty cheap domain con cloud flare and a machine (if you are paranoid enough on your LAN+NAT) on any major cloud provider… don’t prompt people into using the web as a context for their password, you make it easier for experienced brute force attacks with custom dictionaries.