Event info can be found HERE.

There will be no proceedings (peer-reviewed academic papers) this time, due to time & organisational constraints.

Things have changed.
WE are doing 3 – THREE – days of PasswordsCon!
2 days like in 2018 at Internetdagarna as a separate track, and then 1 extra day at the office of the Swedish Internet Foundation. The extra day will be a restricted event, independent registration, ID required, where we will do offensive attack talks only.  No streaming & no recording. See more information here.

There is good consensus on NIST SP800-63B. Microsoft has suggested new security baselines for Windows without mandatory & frequent password change. More 2FA support is coming along, and we see increasing adoption of U2F / WebAuthn. Peace rules the land like never before. Did I just die and go to passwordhaven? Do we still have topics to discuss with Cormac Herley? Is there nothing left to rant about for Mark Burnett, and what’s left to talk about for Jim Fenton?

Things haven’t changed.
We keep on blaming the users for “bad passwords”. Media articles, not to mention product vendors, are promoting magic black boxes filled with magic unicorns that solves all your problems, and of course: PASSWORDS WILL GO AWAY ANYTIME SOON NOW. (No need to update this paragraph from 2018….)

WHAT do we want?
We are looking for talks within anything related to digital authentication. Since our first #PasswordsCon in December 2010, we have seen time and again that people are baffled & surprised when they learn about all the aspects this might cover. Psychology. Cryptography. Pattern recognition. Usability. Graphics design. 2-Factor authentication. Linguistics. Biometrics. Keystroke dynamics & behavioral biometrics. Education & awareness. Standards. Cracking. Hashing. GPU rigs. DIY projects. Password managers. Ethics. TOTP. Rate-limiting. Password spraying attacks. And the list goes on and on…

WHO do we want?
More than ever before, we want more women to talk. We would love to see a 50/50 split on stage! Some of the best talks we’ve had through the years since our start in December 2010 has been women, while the vast majority of speakers were male. We need, and we want to see more women in the security industry, and I know there is great talent out there!

We also welcome new speakers, including those who has never been on a stage before. If you would like some help on how to present on stage and prepare for your talk, please reach out to us!

We have no requirement for original talks, 0-days, or juicy security revelations, as we know very well that a good message needs to be repeated many times if we want to change the world.

What we do not want is product pitches, marketing/sales representatives, brochures or magic unicorns. We discuss problems and possible solutions.The audience is the toughest available anywhere in the world, so whatever brilliant idea you’ve got, you are pretty much guaranteed very valuable feedback.

WHEN do we want it?
First round selections will be made on June 1st, so you have until May 31 to submit. Depending on amount and quality of talks received, we might do another run of submissions as well. Talks will be 20-25-30 minutes in length, so your introduction should be short, with Q&A in the many breaks for coffee & snacks. We’ll prefer a title & abstract, but if you would like to just pitch an idea for a topic and get feedback about it you can do that too. The kitten/puppy rule of #PasswordsCon is described here.

WHERE to submit?
Send your talk idea/proposal/slides/paper/submission to [email protected]. Want better security & privacy for your submission than email? Contact me (Per Thorsheim) by Twitter DM for Signal, Whatsapp and other options.

WHAT do we need from you?
In addition to a suggested talk title and a short abstract, we need your name, email and phone number. If you have presented at other conferences, at work or at school we’d like to hear about it of course. Don’t worry, there is room for changing the details as long as the overall concept of the talk doesn’t change.

If you can add additional information like Twitter handle, personal blog, your mothers maiden name, name of your first pet and favorite artist we’ll take that too. Oh, and a short bio is always appreciated. People will usually Google you anyway.

More importantly though is your consent for us to make a recording of your talk. This conference is about sharing knowledge, and the Internet has proven itself as a pretty good place for doing just that. For the third day with offensive attack talks only, there will be no streaming or recordings.

Please feel free to contact us on Twitter (open DMs to me, @thorsheim), by email ([email protected]) or through other channels where you can find me. There’s only one Per Thorsheim in the world, so I can’t really hide that well online.