Dashlane analyzed the password policies of 40 popular online services. Researchers registered accounts on 40 sites and recorded which websites follow five simple rules. Six websites did not have policies to prevent brute-force attacks: Apple, Dropbox, Google, Twitter, Venmo, and Walmart. Netflix, Pandora, Spotify, Spotify and Spotify didn’t meet at least one of the five criteria. Of all the tested sites, only GoDaddy, Stripe, and Quick Books obtained a perfect score in each five categories.
Source: https://www.bleepingcomputer.com/news/security/godaddy-has-the-best-password-practices-netflix-spotify-uber-have-the-worst/