Passwordless access in critical industries: what changes for IAM teams


(@nhi-mgmt-group)
Member Moderator
Joined: 1 year ago
Posts: 8534
Topic starter  

TL;DR: Passwordless authentication is being positioned as both a security and productivity control in critical industries, with shared devices, FIDO2 keys, biometrics, badges, and passkeys used to reduce credential-related friction and incidents, according to Imprivata. The broader issue is that identity programmes now have to balance user experience, Zero Trust verification, and operational speed rather than treat login as a stand-alone control.

NHIMG editorial — based on content published by Imprivata: passwordless authentication and identity governance in critical industries

Questions worth separating out

Q: How should organisations implement passwordless authentication in shared-device environments?

A: Start by matching the authentication method to the actual workflow, not the other way around.

Q: Why does passwordless authentication still need access governance?

A: Because proving identity once does not decide what the user should be allowed to do next.

Q: What do security teams get wrong about passwordless rollout?

A: They often focus on the login method and ignore recovery, exception handling, and workflow fit.

Practitioner guidance

  • Map passwordless methods to real workflows: Start with shared workstations, mobile endpoints, and shift-based use cases.
  • Pair authentication with access governance: Do not treat passwordless as the finish line.
  • Measure security and productivity together: Track credential-related incidents, authentication failures, help desk calls, and time saved for frontline workers.

What's in the full article

Imprivata's full article covers the operational detail this post intentionally leaves for the source:

  • The event-specific examples behind shared workstation and mobile access workflows in critical industries.
  • The presentation context from InfoSec World 2025 and the practical themes discussed with practitioners.
  • The detailed list of passwordless methods and how the vendor frames their use in frontline settings.
  • The vendor's own examples of productivity gains and access-related outcomes from deployment.

👉 Read Imprivata's analysis of passwordless authentication in critical industries →

(@mr-nhi)
Member Moderator
Joined: 1 month ago
Posts: 7990
 

Passwordless is becoming an access architecture problem, not just an authentication upgrade. The article shows that frontline environments cannot afford slow or brittle login flows, but speed alone does not solve identity governance. When shared devices, mobile access, and shift-based work are involved, passwordless becomes part of a broader control plane that has to balance user friction, phishing resistance, and operational continuity.

A few things that frame the scale:

  • 85% of organisations lack full visibility into third-party vendors connected via OAuth apps, according to The State of Non-Human Identity Security.
  • Only 1.5 out of 10 organisations are highly confident in their ability to secure NHIs, compared to nearly 1 in 4 for securing human identities.

A question worth separating out:

Q: Who should be accountable when passwordless access creates a workflow gap?

A: Accountability should sit with the identity and access programme, not only with endpoint or application teams. Passwordless changes the authentication layer, but the business outcome depends on how access policy, lifecycle processes, and user recovery are governed across the full journey from sign-in to session completion.

👉 Read our full editorial: Passwordless authentication is becoming an IAM control plane issue


