One Breach to Crack 'Em All! Insights from Password Breaches - Jarkko Vesiluoma

Disobey 2026 · Main Stage

Jarkko Vesiluoma's Disobey talk, "One Breach to Crack 'Em All! Insights from Password Breaches," examines the lessons that can be drawn from analyzing large datasets of compromised credentials. The title, a Lord of the Rings reference, underscores the disproportionate power a single compromised password can hold over multiple user accounts. Vesiluoma, a seasoned offensive security lead, researcher, and red teamer, carried out a multi-year research effort to dissect password breach data, aiming to understand the underlying patterns in human password creation and their implications for both offensive and defensive cybersecurity strategies.

AI review

Competent, data-driven research with a respectable corpus (48M passwords, 2TB raw data, regional filtering) that quantifies what most practitioners already know directionally. The regional focus on Swedish/Finnish credentials is a modest differentiator, but the core findings — dictionary words dominate, 8-char passwords are common, MFA fixes credential stuffing — are well-trodden ground that won't surprise anyone who's run hashcat for a weekend.
