I think it’s reasonable advice for most people. The alternative is usually having a simpler password which is worse if your threat model is ‘hashed password shows up in big breach’. If your threat model is ‘someone turns up to your house to get your password’ your worry should not be theft of the paper.