While these 5 popular websites have bad password rules that risk users data there are many more that are worse. If you want to find more websites with bad passwords you can search Google for “password shaming“, visit the following Github bad password repository that is crowdsourcing the list of websites or checkout this post from Dashlane that shows the worst password offenders of 2021.
Canadian Imperial Bank of Commerce, a popular bank in Canada limits users to a maximum of 12 characters and only allows letters or numbers and, no symbols.
Lowe’s one of the most popular hardware and building supply stores in the United States limits passwords to 12 characters and passwords can’t include symbols.
Surprisingly, Dropbox, one of the most popular file sharing websites has a very low 6 character minimum limit and I was able to create a password using 6 repeated lower-case letter.