TL;DR: Shared terminals, kiosks, and workstations expose a frontline IAM gap because office-era assumptions like one person, one device, and personal recovery paths break down in shift-based environments, according to Ping Identity. The trust model needs to shift from device-centric access to worker-centric verification, or accountability, auditability, and onboarding will remain fragile.
NHIMG editorial — based on content published by Ping Identity: Why Verifying Trust for Frontline Workers Starts with Shared Devices
By the numbers:
- Only 5.7% of organisations have full visibility into their service accounts.
- 92% of organisations expose NHIs to third parties, raising concerns about supply chain security.
Questions worth separating out
Q: How should security teams handle identity verification on shared devices in frontline environments?
A: Security teams should treat the worker, not the device, as the subject of assurance.
Q: Why do traditional workforce IAM controls fail in retail and manufacturing settings?
A: Traditional workforce IAM fails because it assumes one stable person, one personal device, and predictable recovery paths.
Q: What breaks when shared credentials are used on frontline systems?
A: Shared credentials break attribution.
Practitioner guidance
- Map frontline access journeys by device and shift type Identify where workers sign in, hand off, recover access, and perform high-risk actions on shared terminals, kiosks, or workstations.
- Bind onboarding proofing to later recovery workflows Use the same verified identity evidence at enrolment and helpdesk recovery so the organisation does not rely on personal email, a phone, or subjective caller judgment.
- Replace shared credentials with worker-centric sign-in controls Prioritise authentication methods that prove the person at the terminal instead of the device itself.
What's in the full article
Ping Identity's full article covers the operational detail this post intentionally leaves for the source:
- The biometric shared-device flow for frontline sign-in, including how a camera becomes the authenticator.
- The onboarding and helpdesk verification sequence that reuses government ID plus facial matching.
- The retail and manufacturing workflow examples showing where shared-device friction most often appears.
- The practical runtime controls for balancing speed, attribution, and access assurance across shift changes.
👉 Read Ping Identity's analysis of shared device authentication for frontline workers →
Shared device authentication: what it means for frontline IAM teams?
Explore further
Shared device authentication exposes an office IAM assumption that no longer holds. One person, one device was never a universal identity model, it was a convenience model for corporate work. Frontline environments invalidate that premise because access is shared, shifts are short, and recovery paths often do not exist. The implication is that workforce identity programmes must stop treating personal-device dependence as normal and start designing for shared terminals as a first-class access pattern.
A few things that frame the scale:
- 92% of organisations expose NHIs to third parties, raising concerns about supply chain security, according to the Ultimate Guide to NHIs.
- 79% of organisations have experienced secrets leaks, and 77% of those incidents resulted in tangible damage, according to the Ultimate Guide to NHIs.
A question worth separating out:
Q: Who is accountable when frontline access cannot be traced to a specific worker?
A: Accountability shifts back to the identity programme, the helpdesk process, and the system owner that allowed shared access without strong proofing. Frameworks such as NIST CSF and NIST SP 800-53 expect access to be attributable and auditable, so weak frontline identity controls become a governance issue, not just an operational inconvenience.
👉 Read our full editorial: Shared device authentication exposes the frontline IAM gap