This is probably quite disturbing security practice by one of the high traffic airlines, and it has a huge members on its website, but this user password policy is ridiculous to follow, it even failed NiST password guideline, most password right now are sometimes more than 15 characters.
Airasia registration page.
and please check your account if it’s already hacked or not at haveibeenpwned.com