We are actively working on getting rid of passwords within Microsoft. In a first phase, we will no longer see or use our passwords, although on a more technical level they might still exist. This builds on technologies like Windows Hello for Business and the Microsoft Authenticator app.
The protections we have already applied allow us to extend the password refresh cycle to one year.
Why we are doing all that work is fairly obvious: Most successful compromises involve lost/stolen credentials.
What our journey looks like and how our CISO thinks about it – read it here: Microsoft’s security chief explains why the company is eliminating passwords.