Another comment mentioned using a key-file, so maybe I will revisit that approach, since I used password only when I started.
For me 12 characters password with default 60 000 iterations seems safe enough. My estimation is that it would take at least millions of dollars to break it and my passwords are not worthy of that. You can easily make it into unbreakable for a foreseeable future by using something like 16-characters random password and 10 millions of iterations.
Key file of enough length is like an unbreakable password. But you probably can't remember it, so be careful not to lose it. My database is accessible on public URL which I remember and I remember my password, so I can always download it anywhere and open it. I think that it's a big advantage and I wouldn't want to lose it.
When I decided to start using a password manager, I was drawn to Keypass since it is open source and I don't have to rely on any third party service. But learning how to use it correctly, and juggle your db files among all your devices requires a sound, thought out strategy!
