Around 20,000 Air Canada customers recently discovered that their personal information has been compromised after a breach in the airline’s mobile app, which prompted a lock-down on all 1.7 million accounts until their passwords could be changed. Air Canada said it detected unusual login activity between Aug. 22 and Aug. 24 and tried to block the hacking attempt, locking the app accounts as an additional measure, according to a notice on its website.
Commenting on this, Amit Sethi, senior principal consultant at Synopsys, said, "There is simply no excuse for organisations to still be relying solely on passwords for authentication. In this case, the hack might have been related to the Air Canada mobile app. Everyone that uses a mobile app has a mobile device that they can use to enroll in several types of multi-factor authentication.
Moreover, there is no excuse to have a password policy like the one that Air Canada currently has: 6-10 characters with no special characters allowed.
Organisations that are handling sensitive data need to do better than single-factor authentication using weak passwords."