What's with all the redacted entries? Without some context, I assume that these are companies that threatened some sort of legal action if their name was published?
They say there are 361 sites pulled from TwoFactorAuth.org's list of sites, and they were able to access 145 of them.
In describing the set they initially drew from, it seems like they've described the 17 redacted sites simply by describing their complementary set (the 128 sites that are secure).
