I don't agree with that "study's" conclusion, since it follows along the lines of AV-Comparatives in the trend to dumb down users instead of educating them.
It'd be justified to downrate services that don't
allow the usage of long passwords or all kinds of characters. I always wonder why some limit you to like 8 characters and/or can't handle symbols.
I'm all for 2FA and brute-force protection server-side, but it's up to me to choose a password. And if it's for something silly like Netflix, I want something I can remember, because I need to input it into like a thousand different devices (PCs, Mac, iPhone, iPad, AppleTV, etc.) The last thing I need is Netflix telling me I need a 90 character password with 75 different symbols. I think I'd rather cancel the service than having to deal with that. After all, this isn't my bank account either and if somebody where to hack it, I'd simply request a password reset. No harm done.
As for GoDaddy, we're talking about the provider who'll offer you on a plate to any agency as soon as they as much as think about ringing them up about you. That's just how "secure" they are.