Abstract or Summary:
An average person on the Internet reuses their same password across multiple sites more often than we'd prefer, which has increasingly resulted in account compromise headaches felt both by them and the sites they visit. Most organizations have limited options to prevent password reuse altogether, but they can take advantage of the same data used by attackers: password leaks.

Large companies (like Microsoft, Google, Facebook, and Yahoo!) have started proactively searching for the passwords leaked by other sites and then finding matches within their own user populations. They can then force a password change or require supplemental authentication to make certain the legitimate user keeps control of their account.

This presentation discusses what exactly is involved in processing this ill gotten data, as well as whether it makes sense for your organization to integrate this into your information security program.

PasswordResearch.com Note: Video of presentation: https://www.youtube.com/watch?v=KEgaXBucnNo