The background is based on current state-of-the-art password cracking technology.
In short, hackers penetrate the network, gain access to a domain controller, and pull out the file with all user names and passwords.
Next, they load this file into a dedicated password-cracking machine running hashcat. This hardware can crack any 8-character Windows password in 6 hours.
Kevin owns one of these rigs and uses it during his penetration test jobs. Using passwords or pass-phrases of 20+ characters makes this several orders of magnitude harder.
Here is an Ars Technica article that explains the technical background in detail: