I thought it was widely accepted that Podesta was the victim of a spearphishing attack (coupled with bad advice from IT), rather than just "hacked" via password-guessing.
* Yes, lots of evidence says that Podesta did give his password to a hacker the spear phishing email you mention. The email dump cuts off soon after this event, the phishing bit.ly link was visited then according to the stats page, and we can see the phishing email here: https://wikileaks.org/podesta-emails/emailid/34899
* This appears to be a quote of someone speaking, I think it's pretty reasonable not to pronounce the @. All common variations on password are equally vulnerable to password guessing programs. There's a rule to use l33t speak in JTR and many other common programs.
* You can make a GMail account with the password p@ssword, something else they don't mention, choosing instead to go with a literal interpretation.
* It doesn't seem to mention that he also lost his phone in a DC cab, which is another possible source of leaks.
* They never appear consider whether or not the person who gave the emails to Wikileaks told them Podesta's password, they just say there's no evidence for them to verify, other than Gmail rejecting a password of 'password' (but not p@ssword), after which they rate that claim as false.
I will also agree that the Politifact article's conclusion is hasty, and their selection of evidence is questionable at points (such as gmail account creation).
What the email indicated was that someone temporarily set a Windows 8 password to a variant of password.
What the email did not indicate that his gmail account itself used a variant of password as the password. It is disingenuous to conflate the two and claim his email password was password as Assange did in numerous interviews.
Just stop with the nonsense that his email password was "p@ssword", as the truth is just as stupid.