FlyerTalk Forums - View Single Post - Password "security" ?
Jan 24, 2016 | 8:08 pm
  #47  
nkedel
Originally Posted by antichef
That is helpful to me too, but stretching my subject knowledge now!

Does that mean that even if I choose a 20-digit multi-character password all this can be affected and degraded by the way that the website operator chooses to encrypt the password before they store it? Some methods being harder than others to crack?

It's not so much degraded (although some sites do -- nothing like using a mix of capital and lower case letters only to have the site coerce it to all caps or all lower) as that the particular hashing or encryption algorithms are of varying strength.

All hashing algorithms have the disadvantage that they convert something longer or shorter into a fixed length; in the case of the two oldest/most common (MD5 and SHA1), they are simple enough and produce a short enough output that between size and bugs, there are now attacks where the attacker may be able to find a different string that produces the hash even if it's not your password.

The other alternative is actively encrypting the passwords, but the disadvantage there is that there is a master password somewhere which will unlock all of them.

The only real solution is not to use passwords at all, but there isn't a practical alternative for most things, and while in theory more secure, the other common alternative (certificate-based login, where you have a private key and the server has the corresponding public key) is open to other sorts of attacks.
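An added example, not part of the post above or of the thread: it shows how the operator's storage choice changes what a stolen record is worth, contrasting case coercion plus an unsalted fast hash with a salted, deliberately slow hash. It goes beyond the post in using PBKDF2 as the stronger scheme; the function names, iteration count and sample password are assumptions made for this illustration.

```python
import hashlib
import hmac
import os
import time

ITERATIONS = 200_000  # assumed PBKDF2 work factor, chosen for this example


def coerced_md5(password: str) -> str:
    """Weak scheme: fold case, then store an unsalted MD5 digest."""
    return hashlib.md5(password.upper().encode()).hexdigest()


def digest_bits(algorithm: str, password: str) -> int:
    """Digest size in bits; it never depends on the password length."""
    return len(hashlib.new(algorithm, password.encode()).digest()) * 8


def slow_store(password: str) -> tuple[bytes, bytes]:
    """Stronger scheme: random per-user salt plus an iterated hash."""
    salt = os.urandom(16)
    key = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)
    return salt, key


def slow_verify(password: str, salt: bytes, key: bytes) -> bool:
    """Recompute with the stored salt and compare in constant time."""
    candidate = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)
    return hmac.compare_digest(candidate, key)


def seconds_per_guess(scheme, password: str) -> float:
    """Wall-clock cost of hashing one candidate password with a scheme."""
    start = time.perf_counter()
    scheme(password)
    return time.perf_counter() - start


if __name__ == "__main__":
    pw = "Tr4vel-Miles-And-Points!"  # constructed sample password
    print("case folded away:", coerced_md5(pw) == coerced_md5(pw.lower()))
    print("md5 bits:", digest_bits("md5", pw), "sha1 bits:", digest_bits("sha1", pw))
    salt, key = slow_store(pw)
    print("verifies:", slow_verify(pw, salt, key))
    print("fast s/guess:", seconds_per_guess(coerced_md5, pw))
    print("slow s/guess:", seconds_per_guess(slow_store, pw))
```

The per-guess timings are what matter to someone holding a leaked table: the unsalted record can be tested against every account at once, while each salted record has to be attacked separately at the slower rate.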