A large-scale study of password-protected Web sites revealed a lack of standards across the industry that harms end-user security. Researchers collected data from 150 web sites and found widespread “questionable design choices, inconsistencies, and indisputable mistakes” Attackers can use low-security Web sites such as news outlets to figure out passwords associated with certain e-mail addresses. Only five sites let the user register password hints, a strategy that will encourage users to come up with stronger passwords. Most sites examined failed to provide users with feedback or advice on choosing a strong password.”]