1) Choosing a password should be something you do very infrequently.
Choosing a password should only need to be done once per site, not "infrequently".
2) Our focus should be on protecting passwords against informed statistical attacks and not brute-force attacks.
Passwords are generally leaked because someone either got the list of passwords, tricked the user into entering the password in the wrong area (e.g. as with any phishing site), extracted them from a local store on the person's hard drive because Firefox still doesn't auto-block random plugins by default, or used the rubber-hose decryption algorithm.
3) When you do have to choose a password, one of the most important selection criteria should be how many other people have also chosen that same password.
So, don't use a single password that appears on a dictionary attack. Trivial.
4) One of the most impactful things that we can do as a security community is to change password strength meters and disallow the use of common passwords.
It's moot when the various websites come up with inconsistent password types, where your randomly generated password is rejected because it didn't happen to include a capital letter (even though it contains a punctuation mark), is rejected because it contains punctuation, is rejected because it's too long, etc.
Disallowing common passwords is as easy as downloading a list of common passwords and refusing anything with an exact match. If you have free extended strings, there's more than enough variation to kill anything statistical, leaving only the dumb users that pick something obvious that most sheeple do.
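
An added example, not part of the comment above: it contrasts a composition-rule check of the kind described in the reply to point 4 with an exact-match blocklist check. The blocklist entries, the composition rule and the minimum length are constructed assumptions; a real deployment would load a published common-password list.

```python
import secrets
import string

# Constructed sample blocklist (assumption); load a real common-password list in practice.
COMMON_PASSWORDS = frozenset(
    {"123456", "password", "qwerty", "letmein", "iloveyou", "Password1!"}
)
MIN_LENGTH = 8        # assumption: the only structural rule the blocklist policy keeps
SITE_SYMBOLS = "!@#$"  # assumption: symbols a hypothetical site happens to allow


def composition_policy(pw: str) -> bool:
    """Hypothetical site rule: 8-16 chars, upper, lower, digit, an allowed symbol."""
    return (
        8 <= len(pw) <= 16
        and any(c.isupper() for c in pw)
        and any(c.islower() for c in pw)
        and any(c.isdigit() for c in pw)
        and any(c in SITE_SYMBOLS for c in pw)
        and all(c.isalnum() or c in SITE_SYMBOLS for c in pw)
    )


def blocklist_policy(pw: str, blocklist=COMMON_PASSWORDS) -> bool:
    """Accept any sufficiently long string that is not an exact blocklist match."""
    return len(pw) >= MIN_LENGTH and pw not in blocklist


def generate_password(length: int = 24) -> str:
    """Random password over letters, digits and all ASCII punctuation."""
    alphabet = string.ascii_letters + string.digits + string.punctuation
    return "".join(secrets.choice(alphabet) for _ in range(length))


def compare(pw: str) -> dict:
    """Return the verdict of both policies for one candidate password."""
    return {"composition": composition_policy(pw), "blocklist": blocklist_policy(pw)}


if __name__ == "__main__":
    # The common password satisfies the composition rule; the random and
    # passphrase candidates fail it on length alone.
    for pw in ["Password1!", "correct horse battery staple", generate_password()]:
        print(repr(pw), compare(pw))
```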