Securing Roving User Access

Across many industries – including banking and finance, retail, manufacturing, hospitality, healthcare, and contact centers – employing roving users on shared workstations or desktops is a business mandate. While there are several operational roadblocks that make the scenario secure (more details on that below), there is one core obstacle that is inherent to the workflow: 

#1 Challenge to Secure Roving Users

The device – a shared kiosk, workstation or desktop – cannot be used as part of the authentication or tied to the identity of the person logging in, as it is not registered to a single individual.

Other Key Challenges:

Acts as the entry point to highly sensitive information and critical systems.

Services multiple users in high-traffic locations.

Often in environments where users cannot use traditional authentication methods – especially phones or tokens.

Because many mainstream authentication solutions cannot support the unique scenarios presented by roving users, these environments will continue to rely on weak security measures – like username and password.  


Common Shared Workstation Scenarios

Hospitality / Front of the House

The majority of hospitality employees are shift-based, meaning that multiple users will need to access a single, shared kiosk throughout any given day. With vast amounts of customer personal information – like credit card numbers and contact details – being stored on their systems, it’s critical that only authorized individuals have access to shared computers. Since most mainstream authentication solutions cannot support this unique scenario, the hospitality industry often turns to weaker alternatives, like username + password.  

Contact Centers

In the wake of the COVID-19 pandemic, contact centers have become an increasingly attractive target for fraudsters and cyber-attack threats. For one, contact centers face high turnover rates, which adds a layer of complexity when trying to secure and manage workforce identities. As a measure taken to address this, many contact centers do not allow the use of mobile phones or hardware tokens. Unfortunately, many businesses end up making some security concessions (like allowing mobile devices even though they present a security threat) for daily operations to run smoothly.

Manufacturing Floors

Mainstream authentication solutions fall short for a variety of reasons for many manufacturing facilities. First and foremost, it’s often unsafe to utilize mobile phones on a manufacturing floor, and security protocols, therefore, do not allow them to be used. Second, with countless daily tasks and assignments, roving users on shared workstations are critical for workflow efficiency – both operationally and financially. For the employer, it’s critical that they have transparency into who exactly is completing each task and the ability to audit logs and track time spent.

Roving user environments are incredibly complex in terms of authentication – and mainstream solutions are failing to support them. The proper security solution needs to be efficient and seamless for the end-user, cost-effective for the business, and secure enough to prevent a variety of cyberattacks and fraudulent behavior.

Are you struggling to secure shared workstations?


Less Friction & Frustration.

More Security & Flexibility

An effective and efficient shared workstation login experience is one that makes authentication easy for those who are meant to use it and protected against those who are not. BIO-key’s unified IAM platform, PortalGuard®, is robust and flexible to adapt to your specific needs, requirements, and environment. It includes an advanced Multi-factor Authentication (MFA) solution that can even help you make the shift to Passwordless authentication

Customer Spotlight

For Orange Bank & Trust Company, having roving users on shared workstations are a fundamental component of daily operations, with a single kiosk supporting multiple employees throughout the day. Learn how this financial institution took control of their shared workstation security by implementing passwordless authentication with Identity-Bound Biometrics (IBB).

Using Identity-Bound Biometrics

Secure Roving User Access

Unlike ‘something you know’ (passwords, PIN) and ‘something you have’ (hardware tokens, phone-based methods), Identity-Bound Biometrics (IBB) relies on ‘something you are’, authenticating the identity of the person.  

Identify the Person

A one-touch scan of a finger at any device in any location authenticates the user’s identity, only the authorized person is accessing a shared system.

Cost Effective

A minimal, one-time investment eliminates the need to purchase multiple tokens or mobile devices to ultimately reduce your overall IT costs.

Frictionless Experience

The simple, one-touch authentication across every workstation saves countless hours and increases productivity with a consistent, frictionless user experience.

Find out what PortalGuard® can do for your business.