CypherCon 2023

A World Without Passwords

Andy Jaw


In this presentation, we’ll talk about why we should get rid of passwords and the various configurations for passwordless solutions available to Windows and Azure Active Directory. We’ll go through how to deploy Windows Hello for Business in both cloud or hybrid configurations. We will also discuss how to implement passwordless authentication and phish resistant MFA with Azure Active Directory for Microsoft 365 and Azure AD federated applications.

Importance: I am writing this talk because many organizations still do not have passwordless solutions deployed. It is one of the few things that security orgs can deploy that not only make their companies more secure but it makes it easier for users to log in. Password attacks are still extremely common and getting rid of them is not something that is a future capability. It’s available today and can help orgs become more secure. Additionally, phish-resistant MFA is becoming more and more important and a key part of the passwordless deployment.

Andy Jaw

Obey Clippy!

Andy has been in the information security industry for over 8 years and held various roles from security operations, analyst, engineer, and architect at companies like Trek, Exact Sciences, and most recently, Microsoft. Andy served 10 years in the Air Force and deployed to Afghanistan as a civil engineering officer and led the emergency management unit.

Andy Law currently works as a security technical specialist focused on consulting, architecture, and deployment of security solutions to help secure Microsoft’s customers. As a veteran and former law enforcement officer, Andy has a unique perspective to help organizations have a holistic view of information from physical security, defense, and incident response.

Andy holds a Masters degree in Information Assurance and a Bachelors degree in Electrical Engineering. He has various certifications for Microsoft Security, Identity, Security+, and DoD Program Management.