
It matters, because when the prefix changes, it changes IP addresses of every single device in your network.

As you wrote, internally you can use ULA. But you cannot open access from outside, because your firewall rules will become invalid with a prefix change. With classic IPv4 NAT, your internal addresses don't change, so your port forwarding works even if the WAN address changes.

Together with a single /64 -- which means no subnets for you -- you are getting a worse deal than with IPv4. You shouldn't have to contact your ISP for a plan (for a premium, obviously) that allows you to segment your network or open access to specific devices. What's the use of direct connections -- the IPv6 promise -- when you cannot use them anyway?

In short, with limitations like these, you are getting a bad deal.



I don't know what router you use, but OpenWrt lets you set firewall rules that only match the last 64 bits. This should solve your problem, provided you configure your router to hand out static IPv6 leases to devices.


There are wildly different solutions for different routers.

I'm using Mikrotik, which doesn't allow prefix-less addresses in the firewall, but allows you to put hostnames into your rules (so it will ask DNS what the address is and, once the TTL expires, it will ask again).

On some CPEs (I don't remember which), you could enter MAC addresses, so the forwarding would always work for a specific device with any GUA address.

But we have to remember that all these solutions are optional and brand-specific; there's a wide range of devices that do not have anything to solve this problem.


> It matters, because when the prefix changes, it changes IP addresses of every single device in your network.

My solution for my home network was to write a script that periodically checks my IPv6 prefix and updates the firewall rules and DNS if it ever changes. It doesn't feel like a great way to do it, but it seems to work.
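The core of such a prefix-change script, as an added example rather than the commenter's own code: it keeps each rule's host part (the bits below the delegated prefix) and swaps only the prefix, leaving ULA and other addresses outside the old prefix untouched. The rule format and the sample prefixes are constructed for this example; how the current prefix is read from the router is assumed to be done elsewhere and is not shown.

```python
import ipaddress
from typing import Dict, List, Tuple

# Constructed sample ruleset: "allow inbound to this device" rules of the kind a
# home firewall holds for devices with GUA addresses (plus one ULA rule).
SAMPLE_RULES: List[Dict[str, str]] = [
    {"proto": "tcp", "dport": "22", "dst": "2001:db8:1:2:1234:56ff:fe78:9abc"},
    {"proto": "tcp", "dport": "443", "dst": "2001:db8:1:2::10"},
    {"proto": "udp", "dport": "51820", "dst": "fd00:1234::1"},  # ULA, must stay as is
]
OLD_PREFIX = "2001:db8:1:2::/64"     # prefix the rules were written for (constructed)
NEW_PREFIX = "2001:db8:abcd:9::/64"  # prefix the ISP delegated today (constructed)


def rebase_address(addr: str, old_prefix: str, new_prefix: str) -> str:
    """Move addr from old_prefix to new_prefix, keeping every bit below the
    prefix length (subnet id and interface id) unchanged. Addresses outside
    old_prefix (ULA, link-local, remote peers) are returned unmodified."""
    a = ipaddress.IPv6Address(addr)
    old = ipaddress.IPv6Network(old_prefix, strict=False)
    new = ipaddress.IPv6Network(new_prefix, strict=False)
    if old.prefixlen != new.prefixlen:
        # A /64 becoming a /56 (or vice versa) changes the subnet layout; a
        # blind rewrite would silently produce wrong rules, so refuse.
        raise ValueError("delegated prefix length changed; rules need re-planning")
    if a not in old:
        return str(a)
    host_mask = (1 << (128 - old.prefixlen)) - 1
    return str(ipaddress.IPv6Address(int(new.network_address) | (int(a) & host_mask)))


def rewrite_rules(rules: List[Dict[str, str]], old_prefix: str, new_prefix: str) -> List[Dict[str, str]]:
    """Return a copy of the ruleset with every destination rebased."""
    return [dict(r, dst=rebase_address(r["dst"], old_prefix, new_prefix)) for r in rules]


def sync_rules(rules: List[Dict[str, str]], last_prefix: str, observed_prefix: str) -> Tuple[List[Dict[str, str]], bool]:
    """One iteration of the periodic check: (rules, False) if the prefix is the
    same as last time, otherwise (rewritten rules, True) so the caller can
    reload the firewall and update DNS."""
    if ipaddress.IPv6Network(observed_prefix, strict=False) == ipaddress.IPv6Network(last_prefix, strict=False):
        return rules, False
    return rewrite_rules(rules, last_prefix, observed_prefix), True
```

The same rebase works for a /56 delegation, since the subnet id below the prefix is carried over along with the interface id.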


Could you NAT the router WAN external address and route it to a static ULA?

I think the more elegant solution is to use static IP space for hosting services, but most of us home users aren’t used to that.


A /64 is a literal ton of subnets. Not sure what you mean by that.


SLAAC requires the bottom 64 bits to be part of the host portion of the address. A network prefix larger than /64 limits SLAAC to providing link-local addresses only, which means another mechanism needs to provide routable addresses, such as DHCPv6. That, in turn, prevents the use of privacy addresses.


DHCPv6 is also optional; clients do not have to support it, and some do not support it intentionally. So, for example, any Android device won't be up and running on a SLAAC-less network.



