I’m afraid that they’ll become an “open standard” just like the web is an “open standard”. Controlled by Google, who has the most money and employees, and pushes out additions and changes to the standards so fast that Mozilla can’t keep up, and we end up with a web that caters to Chrome.
Imagine websites being like “oops, your KeePass database uses passkeys v7.8 but we now require passkeys v16.4”
If you make word-based passwords, you still need to make sure to use random words. If you use a sentence or quote or song lyrics, then those usually have far less randomness than people think, and thus can be guessed easily by AI.
But if you use random words, a few words can be plenty secure. The diceware word list used by many password generators has 7777 words. 6 words means 77776 possibilities, which is approximately 278, aka 78 bits of entropy. That would take many years for any datacenter to crack. Though personally for really strong passwords, I go for 90+ bits of entropy.