Shared workstations blur the link between identity, device, and activity. One terminal can serve many users, so lingering sessions, shared credentials, and weak user switching can spread risk across shifts. The operational problem is that accountability becomes harder to prove when the device, not the person, is the constant.
Why This Matters for Security Teams
Shared workstations are risky because they weaken the three anchors of access control: identity, device, and activity history. On an individual endpoint, security teams can usually tie a session to one user, one device, and one set of actions. On a shared terminal, that chain is easier to break through poor logout hygiene, cached browser state, reused local profiles, or a fast user handoff between shifts. The result is not just convenience risk. It complicates investigations, access reviews, and enforcement of the least-privilege and Zero Trust principles described in the NIST Cybersecurity Framework 2.0 and the OWASP Non-Human Identity Top 10. The same problem shows up in NHI operations when one shared machine is used to access service accounts, API keys, or admin consoles, because the device becomes a pool of potential privilege rather than a trusted control point. The NHIMG Ultimate Guide to NHIs — Key Challenges and Risks notes that only 5.7% of organisations have full visibility into their service accounts, which makes shared endpoint hygiene even harder to verify. In practice, many security teams discover this gap only after a suspicious session or access review has already exposed it, rather than through intentional monitoring.
How It Works in Practice
The control problem on a shared workstation is usually operational, not theoretical. One user signs in, opens a browser or admin tool, then leaves behind active tokens, saved passwords, or a logged-in session. The next user inherits whatever the previous person forgot to close. If the workstation also acts as a jump box or a kiosk for privileged tasks, the blast radius grows because the device may hold access to multiple apps, secrets stores, or NHI consoles at once. Current guidance suggests combining session timeout, strong screen locking, per-user profiles, and re-authentication for sensitive actions, but those controls only work when users actually switch cleanly and the endpoint itself is tightly managed. The Ultimate Guide to NHIs warns that secrets persistence and weak revocation are common failure points, while the 52 NHI Breaches Analysis highlights how quickly compromised access can become repeated compromise when credentials are left behind.
- Use per-user Windows or Linux profiles, not a shared browser profile, for any console that can reach privileged data.
- Require step-up authentication before viewing, exporting, or rotating secrets.
- Disable password saving, local token persistence, and unmanaged clipboard sync on shared devices.
- Pair screen locking with forced session termination at shift change, not just idle timeout.
- Treat shared kiosks as low-trust endpoints and limit them to narrowly scoped tasks.
Shared workstations are especially fragile in call centres, manufacturing floors, control rooms, and break-glass access stations because high turnover and time pressure make clean sign-out unreliable.
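The accountability gap described above can be checked from the terminal's own sign-in records: a new LOGIN while another user's session is still open, a session that spans a shift boundary without a LOGOUT, and a session still open at the end of the observation window are the three handoff failures worth surfacing. The following audit script is an added example written for this guidance, not code from NHIMG or from any product; the log format, the terminal names, the users and the 07:00/15:00/23:00 shift schedule are all constructed for the example, and a LOCK event is deliberately treated as a live session rather than an end.

```python
import re
from dataclasses import dataclass
from datetime import datetime, time, timedelta
from typing import Dict, List, Optional, Tuple

# Constructed sample log: one authentication event per line on shared terminals.
# Format (assumed for this example): <ISO timestamp> <terminal> <LOGIN|LOGOUT|LOCK> <user>
SAMPLE_LOG = """\
2024-05-01T06:40:10 term-07 LOGIN alice
2024-05-01T06:59:30 term-07 LOCK alice
2024-05-01T07:03:05 term-07 LOGIN bob
2024-05-01T14:58:40 term-07 LOGOUT bob
2024-05-01T15:01:12 term-07 LOGIN carol
2024-05-01T15:02:00 term-08 LOGIN dave
2024-05-01T15:04:20 term-07 LOGOUT alice
2024-05-01T22:45:00 term-07 LOGOUT carol
"""

# Constructed shift schedule: a clean handoff means a LOGOUT before each boundary.
SHIFT_BOUNDARIES = (time(7, 0), time(15, 0), time(23, 0))

LINE_RE = re.compile(r"^(\S+) (\S+) (LOGIN|LOGOUT|LOCK) (\S+)$")


@dataclass
class Session:
    terminal: str
    user: str
    start: datetime
    end: Optional[datetime] = None


@dataclass
class Finding:
    kind: str
    terminal: str
    user: str
    detail: str


def parse_events(text: str) -> List[Tuple[datetime, str, str, str]]:
    events = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:  # lines that do not match the assumed format are skipped
            ts, terminal, action, user = m.groups()
            events.append((datetime.fromisoformat(ts), terminal, action, user))
    return sorted(events, key=lambda e: e[0])


def crosses_shift_boundary(start: datetime, end: datetime) -> bool:
    """True if any shift boundary falls strictly inside (start, end)."""
    day = start.date()
    while day <= end.date():
        for boundary in SHIFT_BOUNDARIES:
            if start < datetime.combine(day, boundary) < end:
                return True
        day += timedelta(days=1)
    return False


def audit(text: str) -> Tuple[List[Session], List[Finding]]:
    events = parse_events(text)
    sessions: List[Session] = []
    findings: List[Finding] = []
    open_sessions: Dict[str, List[Session]] = {}  # terminal -> sessions without a LOGOUT
    for ts, terminal, action, user in events:
        current = open_sessions.setdefault(terminal, [])
        if action == "LOGIN":
            for stale in current:  # someone else is still signed in on this terminal
                findings.append(Finding("login_without_prior_logout", terminal, user,
                                        f"{stale.user} signed in since {stale.start.isoformat()}"))
            session = Session(terminal, user, ts)
            sessions.append(session)
            current.append(session)
        elif action == "LOGOUT":
            match = next((s for s in current if s.user == user), None)
            if match is None:
                findings.append(Finding("logout_without_session", terminal, user, "no open LOGIN"))
            else:
                match.end = ts
                current.remove(match)
        # LOCK is deliberately ignored: a locked screen is still a live session.
    observed_until = events[-1][0] if events else None
    for session in sessions:
        if session.end is None:
            findings.append(Finding("open_at_end", session.terminal, session.user,
                                    f"no LOGOUT by {observed_until.isoformat()}"))
        if crosses_shift_boundary(session.start, session.end or observed_until):
            findings.append(Finding("crossed_shift_boundary", session.terminal, session.user,
                                    "session spans a shift change without LOGOUT"))
    return sessions, findings


def summarize(findings: List[Finding]) -> Dict[str, int]:
    counts: Dict[str, int] = {}
    for f in findings:
        counts[f.kind] = counts.get(f.kind, 0) + 1
    return counts


if __name__ == "__main__":
    _, found = audit(SAMPLE_LOG)
    for f in found:
        print(f"{f.kind:28} {f.terminal} {f.user}: {f.detail}")
```

On the constructed log this reports that both bob and carol signed in while alice's forgotten session was still open, that alice's session crossed the 07:00 shift change, and that dave's session on term-08 was never closed. Feeding real terminal records through the same logic turns the "forced session termination at shift change" control into something that can be verified after the fact rather than assumed.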
Common Variations and Edge Cases
Tighter workstation controls often increase friction for frontline staff, so organisations have to balance speed against assurance. That tradeoff is real, especially where workers rotate every few minutes or where one device is expected to serve many people across a shift. In those cases, best practice is evolving toward short-lived sessions, JIT access, and device posture checks rather than relying on long-lived local login state. This is also where identity becomes more important than the endpoint itself: a hardened shared device still does not prevent one user from inheriting another user’s access if the application session remains valid. For NHI-heavy environments, shared workstations should never be the place where static API keys, long-lived certificates, or admin secrets are entered manually. Instead, use privileged access workflows, vault-backed secret retrieval, and time-bounded credentials that expire automatically after the task completes. The Top 10 NHI Issues and OWASP NHI Top 10 both reflect this shift toward shorter-lived, better-scoped access. In facilities with offline workflows or legacy apps, there is no universal standard for perfect user separation yet, so compensating controls matter more than policy claims alone.
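To make the short-lived, device-bound, step-up-gated access pattern concrete, here is an added example of an access lease as a broker might issue it for a shared terminal; it is illustrative code written for this guidance, not an implementation from NHIMG, OWASP or any vault product. The signing key, the posture policy (managed, disk-encrypted, patched within 30 days), the scope strings, the 300-second step-up window and the terminal names are all assumptions made for the example, and the in-memory set of ended leases stands in for whatever revocation store a real broker would use.

```python
import hashlib
import hmac
import json
import secrets
from dataclasses import asdict, dataclass, replace
from typing import Dict, Tuple

# Constructed for this example: the access broker's signing key. It lives with the
# broker (a vault or HSM in practice), never on the shared workstation.
BROKER_KEY = secrets.token_bytes(32)

# Leases ended early because the task completed; checked before every use.
ENDED_LEASES = set()


@dataclass(frozen=True)
class Lease:
    lease_id: str
    user: str
    device_id: str      # the posture-checked device this lease is bound to
    scope: str          # one narrow action, e.g. "secrets:read:payments-api"
    issued_at: int      # Unix seconds
    expires_at: int
    stepped_up_at: int  # Unix seconds of the user's last step-up authentication
    sig: str = ""


def _sign(fields: Dict) -> str:
    body = json.dumps(fields, sort_keys=True, separators=(",", ":")).encode()
    return hmac.new(BROKER_KEY, body, hashlib.sha256).hexdigest()


def device_posture_ok(posture: Dict) -> bool:
    """Constructed posture policy: managed, disk-encrypted, patched within 30 days."""
    return (bool(posture.get("managed")) and bool(posture.get("disk_encrypted"))
            and posture.get("patch_age_days", 999) <= 30)


def issue_lease(user: str, device_id: str, scope: str, ttl_seconds: int,
                stepped_up_at: int, now: int) -> Lease:
    """Broker side: mint a short-lived, device-bound, single-scope lease."""
    fields = dict(lease_id=secrets.token_hex(8), user=user, device_id=device_id,
                  scope=scope, issued_at=now, expires_at=now + ttl_seconds,
                  stepped_up_at=stepped_up_at)
    return Lease(**fields, sig=_sign(fields))


def verify_lease(lease: Lease, *, scope: str, device_id: str, posture: Dict,
                 sensitive: bool, now: int, step_up_max_age: int = 300) -> Tuple[bool, str]:
    """Resource side: every check must pass. Returns (allowed, reason)."""
    fields = asdict(lease)
    fields.pop("sig")
    if not hmac.compare_digest(_sign(fields), lease.sig):
        return False, "bad signature"
    if lease.lease_id in ENDED_LEASES:
        return False, "lease ended after task completion"
    if now >= lease.expires_at:
        return False, "lease expired"
    if lease.device_id != device_id or not device_posture_ok(posture):
        return False, "device mismatch or failed posture"
    if lease.scope != scope:
        return False, "scope mismatch"
    if sensitive and now - lease.stepped_up_at > step_up_max_age:
        return False, "step-up authentication too old"
    return True, "ok"


def complete_task(lease: Lease) -> None:
    """Ends the lease as soon as the task is done, well before its natural expiry."""
    ENDED_LEASES.add(lease.lease_id)


def demo() -> Dict[str, bool]:
    """Walks through the cases a shared-workstation handoff must get right."""
    now = 1_700_000_000
    scope = "secrets:read:payments-api"
    good = {"managed": True, "disk_encrypted": True, "patch_age_days": 3}
    lease = issue_lease("alice", "term-07", scope, ttl_seconds=600,
                        stepped_up_at=now - 60, now=now)

    def check(l=lease, **override):
        args = dict(scope=scope, device_id="term-07", posture=good, sensitive=False, now=now + 30)
        args.update(override)
        return verify_lease(l, **args)[0]

    results = {
        "fresh_sensitive": check(sensitive=True),               # step-up is 90 s old: allowed
        "other_terminal": check(device_id="term-08"),           # lease is bound to term-07
        "unmanaged_device": check(posture={"managed": False}),  # fails posture
        "stale_step_up": check(sensitive=True, now=now + 400),  # 460 s since step-up
        "read_later": check(now=now + 400),                     # non-sensitive, still valid
        "expired": check(now=now + 600),                        # past expires_at
        "tampered_scope": check(replace(lease, scope="secrets:rotate:payments-api"),
                                scope="secrets:rotate:payments-api"),  # signature no longer matches
    }
    complete_task(lease)
    results["after_completion"] = check()  # the next user at term-07 cannot reuse it
    return results


if __name__ == "__main__":
    for case, allowed in demo().items():
        print(f"{case:18} {'allowed' if allowed else 'denied'}")
```

The point of the example is which facts the resource checks on every use: the lease carries no reusable secret, it only works from the device it was issued to and only while that device passes posture, a sensitive action needs a recent step-up even inside the lease window, and completing the task ends the lease before the next person reaches the terminal.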
Standards & Framework Alignment
This section maps relevant standards and security frameworks to the operational risks and controls described in this guidance.
The OWASP Non-Human Identity Top 10 addresses the attack and risk surface, while NIST CSF 2.0 and the NIST AI RMF set the governance and control requirements practitioners need to meet.
| Framework | Control / Reference | Relevance |
|---|---|---|
| OWASP Non-Human Identity Top 10 | NHI-03 | Shared workstations often expose reusable secrets and weak revocation. |
| NIST CSF 2.0 | PR.AC-4 | Shared endpoints complicate least-privilege access enforcement. |
| NIST AI RMF | | Accountability and traceability matter when one device serves many users. |
Define ownership, logging, and review steps for every shared-workstation access path.