Across many industries – including banking and finance, retail, manufacturing, hospitality, healthcare, and contact centers – employing roving users on shared workstations or desktops is a business mandate. While there are several operational roadblocks that make the scenario secure (more details on that below), there is one core obstacle that is inherent to the workflow:
The device – a shared kiosk, workstation or desktop – cannot be used as part of the authentication or tied to the identity of the person logging in, as it is not registered to a single individual.
Acts as the entry point to highly sensitive information and critical systems.
Services multiple users in high-traffic locations.
Often in environments where users cannot use traditional authentication methods – especially phones or tokens.
Because many mainstream authentication solutions cannot support the unique scenarios presented by roving users, these environments will continue to rely on weak security measures – like username and password.
The majority of hospitality employees are shift-based, meaning that multiple users will need to access a single, shared kiosk throughout any given day. With vast amounts of customer personal information – like credit card numbers and contact details – being stored on their systems, it’s critical that only authorized individuals have access to shared computers. Since most mainstream authentication solutions cannot support this unique scenario, the hospitality industry often turns to weaker alternatives, like username + password.
In the wake of the COVID-19 pandemic, contact centers have become an increasingly attractive target for fraudsters and cyber-attack threats. For one, contact centers face high turnover rates, which adds a layer of complexity when trying to secure and manage workforce identities. As a measure taken to address this, many contact centers do not allow the use of mobile phones or hardware tokens. Unfortunately, many businesses end up making some security concessions (like allowing mobile devices even though they present a security threat) for daily operations to run smoothly.
Mainstream authentication solutions fall short for a variety of reasons for many manufacturing facilities. First and foremost, it’s often unsafe to utilize mobile phones on a manufacturing floor, and security protocols, therefore, do not allow them to be used. Second, with countless daily tasks and assignments, roving users on shared workstations are critical for workflow efficiency – both operationally and financially. For the employer, it’s critical that they have transparency into who exactly is completing each task and the ability to audit logs and track time spent.
Roving user environments are incredibly complex in terms of authentication – and mainstream solutions are failing to support them. The proper security solution needs to be efficient and seamless for the end-user, cost-effective for the business, and secure enough to prevent a variety of cyberattacks and fraudulent behavior.
An effective and efficient shared workstation login experience is one that makes authentication easy for those who are meant to use it and protected against those who are not. BIO-key’s unified IAM platform, PortalGuard®, is robust and flexible to adapt to your specific needs, requirements, and environment. It includes an advanced Multi-factor Authentication (MFA) solution that can even help you make the shift to Passwordless authentication.
For Orange Bank & Trust Company, having roving users on shared workstations are a fundamental component of daily operations, with a single kiosk supporting multiple employees throughout the day. Learn how this financial institution took control of their shared workstation security by implementing passwordless authentication with Identity-Bound Biometrics (IBB).
Unlike ‘something you know’ (passwords, PIN) and ‘something you have’ (hardware tokens, phone-based methods), Identity-Bound Biometrics (IBB) relies on ‘something you are’, authenticating the identity of the person.
A one-touch scan of a finger at any device in any location authenticates the user’s identity, only the authorized person is accessing a shared system.
A minimal, one-time investment eliminates the need to purchase multiple tokens or mobile devices to ultimately reduce your overall IT costs.
The simple, one-touch authentication across every workstation saves countless hours and increases productivity with a consistent, frictionless user experience.
|cookielawinfo-checkbox-analytics||11 months||This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Analytics".|
|cookielawinfo-checkbox-functional||11 months||The cookie is set by GDPR cookie consent to record the user consent for the cookies in the category "Functional".|
|cookielawinfo-checkbox-necessary||11 months||This cookie is set by GDPR Cookie Consent plugin. The cookies is used to store the user consent for the cookies in the category "Necessary".|
|cookielawinfo-checkbox-others||11 months||This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Other.|
|cookielawinfo-checkbox-performance||11 months||This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Performance".|