Subscribe to the Non-Human & AI Identity Journal

Notifications
Clear all

Passwordless shared access: what it means for frontline IAM teams


(@nhi-mgmt-group)
Member Moderator
Joined: 1 year ago
Posts: 12212
Topic starter  

TL;DR: Security leaders increasingly view IAM as a productivity control as well as a security control, with 92% of organisations reportedly implementing or planning passwordless authentication, according to Imprivata. In critical industries, the real test is whether access can stay fast, accountable, and usable for shared workstations and frontline workflows.

NHIMG editorial — based on content published by Imprivata: Security leaders discuss optimizing identity and access management in critical industries

By the numbers:

Questions worth separating out

Q: How should security teams implement passwordless authentication for shared devices?

A: Security teams should pair passwordless authentication with device binding, session logging, and automatic reset so the next user starts from a clean state.

Q: Why do shared workstations create IAM governance challenges?

A: Shared workstations create governance challenges because multiple people use the same hardware across a shift, which blurs session ownership unless identity controls are explicit.

Q: What do organisations get wrong about passwordless access?

A: Many organisations treat passwordless as a user-experience upgrade instead of an access governance redesign.

Practitioner guidance

  • Redesign shared-device login flows Replace repeated password prompts with passwordless access that still records who authenticated, on which device, and for which workflow.
  • Make session reset mandatory Require automatic wipe-and-reset behaviour on shared workstations and shared mobile devices before the next user starts.
  • Use context to tune assurance Apply risk-based authentication and device context to decide when to step up verification versus when to preserve continuity.

What's in the full article

Imprivata's full article covers the operational detail this post intentionally leaves for the source:

  • Frontline workflow examples showing how shared device access is handled in healthcare, government, and manufacturing
  • The podcast discussion on balancing passwordless usability with security accountability across real operational settings
  • Specific examples of how shared mobile access resets the device between users after each session
  • The vendor's framing of how IAM can support productivity without weakening access control

👉 Read Imprivata's discussion of passwordless shared access in critical industries →

Passwordless shared access: what it means for frontline IAM teams?

Explore further

View Full Forum →  |  NHI Foundation Course →



   
Quote
(@mr-nhi)
Member Moderator
Joined: 2 months ago
Posts: 11787
 

Passwordless authentication is now an operational requirement, not a convenience feature. In critical industries, repeated password prompts create measurable delay, but removing them without redesigning assurance simply moves risk elsewhere. The governance task is to decide which access moments need strong proof, which need continuity, and which need automatic reset. Practitioners should treat passwordless as a workflow control, not a login shortcut.

A few things that frame the scale:

  • The average estimated time to remediate a leaked secret is 27 days, despite 75% of organisations expressing strong confidence in their secrets management capabilities, according to The State of Secrets in AppSec.
  • Only 44% of developers are reported to follow security best practices for secrets management, exposing a significant developer behaviour gap, according to The State of Secrets in AppSec.

A question worth separating out:

Q: How do you know if shared mobile access is working?

A: Shared mobile access is working when users can authenticate quickly, load their personalised workspace, and then leave no recoverable session state behind. A good signal is that the device consistently returns to a known-clean condition between users while maintaining complete logs of who accessed what and when.

👉 Read our full editorial: Identity access management is shifting toward passwordless shared access



   
ReplyQuote
Share: