The linked article <https://medium.com/4iqdelvedeep/1-4-billion-clear-text-credentials-discovered-in-a-single-database-3131d0a1ae14 > is interesting.
This database seems to be an aggregation of a number of previous breaches and thus spans several years of Internet usage and can for any particular email address give an idea of the level of password re-use etc.
Interestingly, because of the aggregation, I see that even passwords of 10 characters have made it into the top 20.
I see that both in the linked article and here on El Reg, little real thought is being given as to how user credentials are stored, transported and looked up, particularly on websites.