Avoid Arbitrary Length Restrictions in Generator

@DenBesten Yes, the guidance in my “PSA” could be softened for cases in which the service does not have password length restrictions (or even when limits exist but allow for passwords with at least 60 characters).

However, a PSA is directed at the “public”, which will generally not be familiar with differing entropy calculation methods for passwords and passphrases, and can therefore not be relied upon to determine the required length of a passphrase. Moreover, the general “public” is unlikely to be able to determine the maximum allowable password length when it has not been clearly posted (e.g., by inspecting the HTML code of the password <input> field, which I routinely do myself when creating new accounts). And this does not even touch on problems that arise when websites set a password length limit on the account registration form, but truncate submitted passwords to a lower length limit on their login form, or websites that have different password length restrictions (for the same account) on mobile vs. non-mobile login forms.

Considering the computing technology available today, and with no knowledge of hashing algorithms used by a service, it is necessary to use a password with entropy in the range 70–90 bits (or 78–99 bits, per a selection of “authoritative” sources that you’ve quoted elsewhere). Thus, a passphrase would have to have 6–8 words to be secure; this would (on average) give a character count in the range 47–63 characters, and could be as high as 80 characters.

My intent was to provide a simple rule of thumb that would improve the security of users who do not wish to learn about entropy calculation and do testing of each website’s implementation of password length limits. For such users, it would be inappropriate to routinely generate passphrases, because they would be at high risk of either running into problems (including account lock-out) caused by length restrictions, or using passwords (passphrases) with insufficient entropy.

From the amount of user pushback against the recently implemented 6-word limit, it is clear to me that many Bitwarden users are routinely generating passphrases that are too short to provide adequate security. My PSA was directed at those users, not at you.

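The arithmetic behind the post's figures (bits per word, words needed for a 70–99 bit target, expected character count, and whether that fits a site's length limit) as an added worked example; this is not code from the post or from Bitwarden. It assumes a 7776-entry wordlist (the size of the EFF long list) and a mean word length of 7 characters with one-character separators, which is what reproduces the post's 47–63 character estimate for 6–8 words; the 95-character printable-ASCII alphabet is used to show how many random characters reach the same entropy when a site's limit rules a passphrase out.

```python
import math
from typing import Optional

# Assumed wordlist size: the EFF long wordlist has 7776 entries (6^5, five dice rolls).
# That Bitwarden's passphrase generator draws from a list of this size is an assumption.
WORDLIST_SIZE = 7776
PRINTABLE_ASCII = 95   # alphabet for a random-character password
MEAN_WORD_LEN = 7      # assumed; reproduces the post's 47-63 chars for 6-8 words


def bits_per_symbol(alphabet_size: int) -> float:
    """Entropy of one uniformly random pick from an alphabet of the given size."""
    return math.log2(alphabet_size)


def passphrase_bits(words: int, wordlist_size: int = WORDLIST_SIZE) -> float:
    """Entropy of a passphrase of `words` words drawn uniformly from the wordlist.

    Only the word choices count: separators, capitalisation and a fixed digit
    are treated as known to the attacker and add nothing.
    """
    return words * bits_per_symbol(wordlist_size)


def symbols_needed(target_bits: float, alphabet_size: int) -> int:
    """Smallest number of uniformly random symbols that reaches target_bits."""
    return math.ceil(target_bits / bits_per_symbol(alphabet_size))


def expected_passphrase_length(words: int, mean_word_len: int = MEAN_WORD_LEN,
                               sep_len: int = 1) -> int:
    """Expected character count: the words plus one separator between each pair."""
    return words * mean_word_len + (words - 1) * sep_len


def fits_limit(length: int, max_len: Optional[int]) -> bool:
    """True when a secret of `length` characters is accepted without truncation.

    A silently truncated passphrase keeps only the leading words, so the bits
    contributed by the cut-off words are lost; None means the site has no limit.
    """
    return max_len is None or length <= max_len


def plan(target_bits: float, max_len: Optional[int]) -> dict:
    """For a target entropy and a site's maximum password length, report how many
    words a passphrase needs, whether its expected length fits the limit, and how
    many random printable characters would reach the same target instead."""
    words = symbols_needed(target_bits, WORDLIST_SIZE)
    length = expected_passphrase_length(words)
    return {
        "words": words,
        "passphrase_bits": round(passphrase_bits(words), 1),
        "expected_length": length,
        "passphrase_fits": fits_limit(length, max_len),
        "password_chars": symbols_needed(target_bits, PRINTABLE_ASCII),
    }


if __name__ == "__main__":
    for target in (70, 90, 99):
        for limit in (None, 64, 20):
            print(f"target={target} bits, limit={limit}: {plan(target, limit)}")
```

Running it shows why the post separates the two cases: six words already clear 70 bits at about 47 characters, but a 20-character limit rules every adequate passphrase out, whereas 11 random printable characters reach the same 70 bits and fit comfortably.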