So the question is what you’re trying to hide and how much effort the adversary is willing to put into getting at what you’re hiding.

The more effort and resources an adversary is willing to dedicate to learning what you’re saying and hiding, the harder you’ll have to work to remain unseen.

In a modern surveillance state, you’ll need quantum proof encrypted chat, self hosted servers with intrusion defense protocols scaled to adamantine toughness, and in all likelihood, strong physical security as well, and also strong password policy, I’d recommend a master password document containing only strings of randomly generated characters of twenty four or more characters in length, protected by a master passphrase in the form of a sentence you can easily remember with the spaces replaced with dots dashes, capitalizing the first letter of every word, or some other distinguisher to make it easier to remember.

Even better would be a password vault service that offers the additional benefit of being able to detect a leaked password from a website side data breach, and then inform you and give you the option to change it right there in the application.