We are actively working on getting rid of passwords within Microsoft. In a first phase, we will no longer see or use our passwords, although on a more technical level they might still exist. This builds on technologies like Windows Hello for Business and the Microsoft Authenticator app.
The protections we have already applied allow us to extend the password refresh cycle to one year.
Why we are doing all that work is fairly obvious: most successful compromises involve lost or stolen credentials.
To see what our journey looks like and how our CISO thinks about it, read: Microsoft’s security chief explains why the company is eliminating passwords.
Always good to see that Microsoft is taking the lead. Nonetheless, most companies suffer from legacy infrastructure, making it not an easy move. Nonetheless, having a direction is always good.
Well, part of what we do around Azure Active Directory is giving our customers options for how to integrate applications into a modern authentication environment. It does not necessarily matter whether we are talking of cloud apps, in-house web applications, or legacy applications. There is something like an App Proxy, which helps to address such problems. The corresponding blog is on my to-do list.