I didn't think anything was breached either...that's why I quoted it.
Yes, you're correct about the normal process to extemporaneously change your Cox password. However, when Cox did have a breach a few years ago (maybe more), the page forced me to change and then to confirm my new password. The login page wouldn't allow me to log in until changing.
Yeah, if devices without a Cox-assigned IP address try to access your account(s), Cox probably would suspect something.
Gmail used to persistently hound me about suspicious activities. I have POP Peeper to check all my accounts and Gmail hated it. I'd log into Gmail via browser (okay) then my POP Peeper would check for new email (yikes!). Gmail reported activity from 2 different locations but it was from the same PC with the same IP addresses. Google has since fixed that flaw.