https://techcrunch.com/2018/07/19/surprise-top-sites-still-fail-at-encouraging-non-terrible-passwords/

You would think that Amazon, Reddit, Wikipedia and other highly popular websites would by now tell you that “password1” or “hunter2” is a terrible password — just terrible. But they don’t. A research project that has kept tabs on the top sites and their password habits for the last 11 years shows that most provide only rudimentary password restrictions and do little to help users.

Steven Furnell, of the University of Plymouth, first did a survey of websites’ password practices in 2007, repeating the process in 2011 and 2014 — and then once more this week. His conclusions?