A user can also trivially defeat any password system by publishing their password to Facebook.

The purpose of preventing similar passwords isn't to prevent a user from defeating themselves, it's to prevent an adversary from defeating the user.

Now you can rightfully argue that blocking similar passwords isn't an effective measure against an adversary, and this article kind of suggests that... but it is possible to implement such a system.

Of course, you're right that it's possible, and that they have easier ways to subvert the system.

True, but if someone is really motivated to undermine their own security, I don't think there's anything you can do to stop them.

I think the idea is that most users will just choose another password if you tell them the one they entered is too similar to their previous password.

I've been at places where the old passwords seemed to be kept around, so that it was detected whether or not you were switching to the password you used six or seven passwords ago.

This is done by keeping the old hashes around. The new password hash is compared to prior hashes to be sure it doesn't match any of them. This only catches exact matches on re-used passwords.

Or, the current plaintext password is compared to the new plaintext password (normally a password change requires the current password) so you can do more sophisticated similarity checks, but only compared to the current passord, not any older ones.

Some IDM products store the password with symmetric encryption and analyze it. Siteminder is/was one that spooked to mind.