This is a bizarre post.The intro seems to blame Dunkin’ Donuts for credential stuffing attacks against their platform.
The first expert says nothing.
The second one is asking the users to practice good hygiene.
The third one is again mostly talking to the users, but does mention the web site (Dunkin’ Donuts) should implement second factor authentication, presumably as just an option for users to choose. Which is the only real right answer…