
Microsoft Active Directory servers store passwords as plain MD4 hashes. http://16s.us/ms_ad_hashes/

These servers are used by governments and large organizations all over the world.



I would like to assume that the REALLY big companies like Google, Microsoft, Apple, Amazon, etc. can figure out how to effectively store passwords. While I acknowledge that Active Directory is a bit different from a web service, if this can't be realized, god knows what's happening with the other 500 sites we all have accounts on (that invariably use shared passwords: http://xkcd.com/792/ ). I really love it when I get password reset emails with my original password in plain text.


Discussing hashes internally with Commander Adams, among the reasons we use unsalted hashes for internal passwords was that Google Mail for Domains (with which we use an SSO tool) doesn't work with salted hashes.

Or should I be siccing Krell monsters on the good Commander again?


Exchange email systems have web interfaces. They typically authenticate with AD.


Yea it dates back to the beginning of NT (which is why it is MD4) and by now this hash is used in so many Windows protocols it is hard to change.



