The beginning

PasswordsCon was first held in Bergen, Norway, in December 2010. Sponsored by Professor Emeritus Tor Helleseth at the Selmer Center, Department of Informatics, University of Bergen, Norway. I really cannot express words how grateful I am to this day for his kindness, generosity & faith in me making PasswordsCon a reality.

There’s a somewhat funny story about its inception. In the late 2009/early 2010, Per Thorsheim (that’s me) was working for the same employer as his wife Kjertsti. She knew of my password obsession at work, and suggested that I should talk about it at the FRISC (Now COINS) winter school for PhD’s & professors in spring of 2010. Having no academic background whatsoever, I immediately said yes when I was offered attending a full week at Finse 1222, listening to talks and discussion on information security. Specifically, Tor asked me if I could do a “rump session“. Honestly, I thought that was some academic l33t-speak & didn’t ask any further questions. I spent weeks preparing my slide deck, only to find myself missing from the printed program when arriving at Finse. Not sure if I had been forgotten, I asked and was told that I could do my talk starting at 21:00, after dinner. “Sure”, I said, “no problem at all.”

So I started at 21:00, and I think I finished approximately 2 hours later. Happy with my talk, I received quite a few questions & comments as well. Only to be approached by Tor afterwards telling me that a “rump session” was supposed to be 5-10 minutes, tops. Oops. Anyways, the real students got their chance to present their work during the other evenings, after I sort of crashed the agenda, so to speak.

Some time after this Tor called me and said that he had never thought the topic of passwords could be that broad or deep as I had presented, so he suggested we should do a conference dedicated to the topic. He could sponsor it all, as long the conference was free, open and held at the university of Bergen. With a “shoestring budget”, we gathered some 35+ people for 2 full days to talk about all things passwords. The rest is history, as I try to describe further down below.

The first years: Bergen 2010 – 2011

The “International breakthrough” – 2012

PasswordsCon at University in Oslo, by invitation from professor Audun Jøsang.

Academic proceedings: 2014-2016

NTNU, Trondheim, Norway, 2014, by invitation from Professor Stig F. Mjølsnes

Cambridge University, UK, 2015, by invitation from Professor Frank Stajano

Ruhr University Bochum, Germany, 2016, by invitation from Professor Markus Dürmuth

We’re going to Vegas baby! 2013 – ongoing



BSidesLV (PasswordsCon – Ground1234 track)

Defcon Password Village

The Swedish connection: 2018 – ongoing


Swedish Internet Days 2018

Swedish Internet Days + LE day 2019

Swedish Internet Days 2020 – we’re virtually in the cloud!

Music for PasswordsCon

Our highly unofficial “theme song” is Kitty Wells and her song “Password”, which was the 10th track on her album “Country Music Time”, released on Decca Records in 1964. You can hear it on Youtube (including some cover versions that are … interesting), and you can find it on Spotify.

Now if that isn’t your style of music, even with such wonderful lyrics, I have no words really to explain the tears of joy when Rachel Tobac set the new standard in a tweet on Jan 22, 2021. Of course this is also available on YouTube here. Not sure about Spotify, but I’ll buy the song as soon as it’s there! 🙂

About Per Thorsheim

Picture of Per wearing a face mask, with the famous "RockYou passwords" fabric design by professor Lorrie Cranor at CMU.

Per Thorsheim is the founder & main organizer of PasswordsCon. He has been obsessed with passwords & digital authentication since before Y2K. During a pentest for a global Fortune 500, he got domain admin access on day 1, due to a single domain administrator using ‘password’ as his password.

He has worked in infosec since ~1996, going “full circle” through sales, design, installation, operations, pentesting, auditing & CISO/CSO.

See Linkedin for professional bio.

See my Twitter profile for my car license plate, and follow me for lots of passwords/infosec stuff. Tweets mostly in English, but also some stuff in Norwegian.