> which is in fact related to the harmonic mean (which is n times the o-plus of the terms). I don't know if there's a better term for "o-plus" other than "reciprocal sum of reciprocals"
I would call it the "harmonic norm", which is consistent with is being the "norm version" of the harmonic mean. It might also be called the "(p=-1) norm" since it would be a p-norm with p=-1. Also "L-1 norm" to put it in the "L norm" family.
To be charitable to the article: people who are not security-minded often make password decisions that "don't matter". You advise your grandpa to do better than "password" and he might move to "Password1!". You advise him to not reuse passwords...and that's really hard without a password manager, so he reuses passwords.
But yeah, your password choices very much matter and those choices can foil {credential stuffing, password spray, brute force}, which is admitted but downplayed in the article.
Considering that most people reading the article will be security-minded, a far better title would have been "Your Users' Password Choices Often Don't Matter".
>What am I supposed to do whenever I'm involved in a new breach? Burn all my accounts and start again?
If you reuse passwords, then change your passwords for all the accounts that use the breached password. Hopefully, it'll spur you to start using a password manager so you can easily have strong, unique passwords.
If you don't reuse passwords, then change your password for the breached account. Sometimes services don't tell you about breaches and it is HIBP that first informs you about the breach.
If there is some email address that you really, really don't want bad guys to know about (perhaps a dedicated email address for your important financial accounts), then it helps you know when to switch to another email address.
HIBP helps you know how often a service has been breached in the past, and that might help guide what services you want to use/not-use in the future.
All services so far seem to accept dots, but the number of possible dot arrangements can be quite limited, and it is a pain to actually use (figure out next one to use, figure out associated service from dot arrangement, etc).
There's been a lot of talk about the benefits of browsers showing URLs in a stylized way that makes it more obvious to the user what is the domain and what is not the domain.
I should have realized this earlier but: it's also important to have anything that displays clickable URLs (like a messaging app) to also style the URL to help it be more obvious what domain is being linked to.
The problem of better stylized URLs is so much bigger than browser URL bars that show where you are right now; it's also everywhere that displays clickable URLs.
To summarize it for the curious in a hurry: intellectual phase lock is the tendency for people in science/intellectual-endeavors to publish/assert results that are not too far from what other people are getting. With this tendency, it can take a while for a (science) community to drift from a fashionable, wrong belief to a more correct belief. thijser's comment[0] is a good example of intellectual phase lock.