Fear not, it’s Friday! Travis Kelce’s media moment was in the works long before he (allegedly) started dating Taylor Swift, with ads for companies like Experian lined up months ago.
In today’s edition:
Passed word
Apple, jacked
🦺 Now hiring
—Tom McKay, Eoin Higgins, Kelcee Griffis, Patrick Lucas Austin
Bitwarden
Ditching the password is a trend that’s gaining steam in the enterprise world—and encrypted password manager Bitwarden is jumping on the wagon, ZDNet reported.
In a blog post, Bitwarden Senior Product Marketing Manager Ryan Luibrand wrote that the company would now be integrating the passwordless single sign-on (SSO) option. That’s the authentication method that allows users to use one set of credentials for multiple services by establishing trust relationships with an identity provider.
While SSO streamlines the process of using the innumerable apps many enterprises rely on for day-to-day operations, it also has some inherent security risks. If a user account is compromised, SSO can allow a malicious party to access any services that account can access. Weak passwords or falling for a phishing attack can be the brittle link in that chain.
Bitwarden’s passwordless offering aims to solve that by enabling users to store their SSO master decryption key on a trusted device such as a phone.
“When logging in, there is both an authentication process and a decryption process,” Luibrand wrote. “These are handled simultaneously but separately when a user logs in. When set up with an identity provider (IdP) service, it authenticates the user through SSO. Then, the data is separately decrypted with the account encryption key and made available to the user.”
Read more here.—TM
Do you work in IT or have information about your IT department you want to share? Email [email protected]. Want to go encrypted? Ask Tom for his Signal.
Threat actors are amping up attacks on Apple as its hardware becomes more widely used across a number of industries—and that has cybersecurity professionals scrambling to protect devices.
Jamf Portfolio Strategy VP Michael Covington told IT Brew at the Jamf Nation User Conference in September that the age of the ignored Mac is over, and the time of the targeted Mac has come.
“I don’t think end users—let alone companies—are aware of these threats that are out there,” Covington said.
As Mac use increases and companies store sensitive information and perform important tasks on the machines, the products are becoming more appealing threat targets.
“Macs and mobile devices are being used for more critical business applications than ever before; it used to be the graphics, or just a little bit of document writing, email checking—now it’s a critical line of business applications,” Covington said. “And I think that’s where things start to get interesting, where you have this intersection of meaningful stuff on the device, and bad things that are going after it.”
Threat actors initially targeted Apple products through adware, he explained, to probe for weaknesses. Now, attackers are developing ransomware attacks and spyware targeted at Macs. It’s part of an industrywide trend of hackers effectively targeting and attacking systems in clever and subtle ways.
Read more here.—EH
From apprenticeship programs to work-from-home flexibility, agencies across the government increasingly have to apply creative approaches to counteract the cybersecurity labor shortage.
While the workforce shortage affects both the private and public sector—federal data indicates there were 69 workers for every 100 job postings between May 2022 and April 2023—there’s evidence agencies are hit particularly hard.
A recent study from Swimlane found that more than one-third of surveyed US government security employees believe their agencies’ security teams will never be fully staffed. That’s partly because agencies are hampered by specific requirements—like the need for security clearances—and fixed budgets while they compete for talent with high-paying companies in the private sector.
“You’ve got a couple of factors pushing against the government from the civilian sector,” Ron Culler, VP of cyber development programs at IT trade association CompTIA, told IT Brew. He highlighted the regimented government pay and promotion schedules as well as a reliance on contractors with security clearances from previous jobs as key barriers.
Agency officials and government labor experts told us they’re eyeing a few out-of-the-box strategies to shift the employment incentives in their favor.
Keep reading here.—KG
Today’s top IT reads.
Stat: 40%. That’s how much of Samsung’s NAND flash memory is made in China, part of why the US is offering some exceptions for Asian countries in its chip trade war with the country. (the Wall Street Journal)
Quote: “I trusted his judgment.”—former FTX executive and co-founder Gary Wang, testifying about Sam Bankman-Fried (the New York Times)
Read: European companies have allegedly been selling spyware to authoritarian regimes, and a new project aims to reveal the extent to which governments in the EU have been complicit. (European Investigative Collaborations)