Re Air Canada Breach:
We all work very hard for security, and idiots at companies undo everything by their ill-advised policies. It appears from recent changes for suggested for password security that the failure is the 10-character limit. My understanding is that it does not matter about whether you include non-characters or not; the longer the password is, the probability of brute force success goes down very fast.The firm has also been criticised for its relatively weak password system. Although it is not clear how the breach occurred, one cyber-security specialist highlighted that Air Canada's website still says account passwords should contain between six and 10 characters and that it only accepts letters and numbers, but no other symbols.