Commenting on this, Amit Sethi, senior principal consultant at Synopsys, said, "There is simply no excuse for organisations to still be relying solely on passwords for authentication. In this case, the hack might have been related to the Air Canada mobile app. Everyone that uses a mobile app has a mobile device that they can use to enroll in several types of multi-factor authentication.
Moreover, there is no excuse to have a password policy like the one that Air Canada currently has: 6-10 characters with no special characters allowed.
Organisations that are handling sensitive data need to do better than single-factor authentication using weak passwords."