Manufacturing teams should remove shared credentials wherever possible and replace them with individual identities tied to each worker or contractor. If shared devices are unavoidable, access should be session-based, attributable, and logged centrally so incident response and audit can still identify who performed each action.
Why This Matters for Security Teams
Shared access on the shop floor is rarely a convenience-only issue. In manufacturing it obscures accountability, weakens segregation of duties, and makes it difficult to prove who changed a recipe, approved a batch, or accessed a controller. That matters because production systems blend human access with machine, service, and tool identities, and the resulting identity sprawl is exactly where compromise hides. NHI Mgmt Group's Ultimate Guide to NHIs reports that 80% of identity breaches involved compromised non-human identities such as service accounts and API keys.
Security teams often assume the physical location of a shared terminal is enough context. It is not. A badge tap does not explain whether the action was performed by an operator, contractor, maintenance technician, or an automated script running under the same session. Current guidance from OWASP Non-Human Identity Top 10 and the NIST Cybersecurity Framework 2.0 points toward attributable access, least privilege, and logging as baseline expectations, not optional extras. In practice, many security teams encounter audit gaps only after a line stoppage, quality dispute, or safety incident has already forced a forensic review.
How It Works in Practice
The practical goal is to preserve operational speed without creating anonymous access. Start by assigning each worker or contractor an individual identity, then map that identity to the shared device through session-based access. On a shop floor, that typically means the terminal remains shared, but the session does not: the login is personal, the action trail is personal, and the session ends cleanly when the task ends. Where personal authentication is not feasible at every touchpoint, use supervisor approval or badge-mediated reauthentication so the system can still attach each action to a person.
For production systems, the strongest pattern is to treat the terminal as a trusted access point and the operator session as the auditable unit. That aligns with the lifecycle and visibility practices described in Ultimate Guide to NHIs — Lifecycle Processes for Managing NHIs and the operational risk themes in Ultimate Guide to NHIs — Key Challenges and Risks. A workable control set usually includes:
- individual identity for each worker, contractor, and supervisor
- session timeouts that end quickly on inactivity or task completion
- central logging of login, approval, override, and configuration changes
- role-based screen views and permissions, never role-based shared credentials
- break-glass access only for exceptions, with automatic review afterward
This model also improves incident response because investigators can reconstruct who touched a machine setting, a recipe, or a maintenance function. Pair it with periodic review of access rights, because shared floor access expands silently through shift changes, temporary labor, and vendor support. These controls break down when legacy HMIs or PLC-adjacent applications support only one generic operator account and cannot enforce per-user authentication; attribution then has to come from a layer in front of the device, such as a badge-mediated kiosk session or a jump host, with the generic credential held by that layer rather than known to the workforce.
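The session model above, as an added example (not code from the page or from NHI Mgmt Group): the terminal is the shared access point, the personal session is the auditable unit, supervisor approval attaches a second named person to a restricted action, inactivity ends the session, and break-glass use is allowed but flagged for review. The badge directory, role table, timeouts and the in-memory log standing in for a central sink are all assumptions.

```python
"""Session-based access on a shared shop-floor terminal.

Added illustration, not code from the page or from NHI Mgmt Group. Assumed: a
constructed badge directory and role table, an in-memory list standing in for
the central log sink, and timestamps supplied by the caller."""
from dataclasses import dataclass
from datetime import datetime, timedelta, timezone

INACTIVITY_TIMEOUT = timedelta(minutes=2)  # assumed policy value

DIRECTORY = {  # constructed: badge id -> (personal identity, role)
    "B-1001": ("alice.operator", "operator"),
    "B-2002": ("bob.supervisor", "supervisor"),
    "B-3003": ("vendor.tech", "contractor"),
}
PERMISSIONS = {  # what a role may do alone; anything else needs approval or break-glass
    "operator": {"view_recipe", "start_batch"},
    "supervisor": {"view_recipe", "start_batch", "approve_batch", "change_recipe"},
    "contractor": {"view_recipe"},
}
APPROVAL_REQUIRED = {"change_recipe", "override_interlock"}

@dataclass
class Session:
    user: str
    role: str
    last_seen: datetime
    break_glass: bool = False  # set once break-glass is used; forces review at logout

class TerminalBroker:
    """The terminal stays shared; the session is personal and every event names a person."""

    def __init__(self):
        self.sessions = {}  # terminal -> Session
        self.log = []       # stands in for the central log sink

    def _emit(self, now, event, terminal, user, **extra):
        self.log.append({"ts": now.isoformat(), "event": event, "terminal": terminal,
                         "user": user, **extra})

    def badge_in(self, now, terminal, badge):
        if terminal in self.sessions:  # a new badge always ends the previous session
            self.end_session(now, terminal, reason="superseded")
        if badge not in DIRECTORY:
            self._emit(now, "login_denied", terminal, None, badge=badge)
            return False
        user, role = DIRECTORY[badge]
        self.sessions[terminal] = Session(user, role, now)
        self._emit(now, "login", terminal, user, role=role)
        return True

    def act(self, now, terminal, action, approver_badge=None, break_glass=False):
        s = self.sessions.get(terminal)
        if s is not None and now - s.last_seen > INACTIVITY_TIMEOUT:
            self.end_session(now, terminal, reason="inactivity")
            s = None
        if s is None:
            self._emit(now, "action_denied", terminal, None, action=action, reason="no_session")
            return False
        s.last_seen = now
        allowed = action in PERMISSIONS.get(s.role, set())
        approver, used_break_glass = None, False
        if not allowed and action in APPROVAL_REQUIRED:
            who = DIRECTORY.get(approver_badge)  # a second, different person must approve
            if who and who[1] == "supervisor" and who[0] != s.user:
                approver, allowed = who[0], True
        if not allowed and break_glass:  # permitted as an exception, but flagged for review
            s.break_glass = used_break_glass = allowed = True
        if not allowed:
            self._emit(now, "action_denied", terminal, s.user, action=action, reason="not_permitted")
            return False
        self._emit(now, "action", terminal, s.user, action=action, approver=approver,
                   break_glass=used_break_glass, review_required=used_break_glass)
        return True

    def end_session(self, now, terminal, reason="task_complete"):
        s = self.sessions.pop(terminal, None)
        if s is not None:
            self._emit(now, "logout", terminal, s.user, reason=reason, review_required=s.break_glass)

    def review_queue(self):  # what the post-shift review must look at
        return [r for r in self.log if r.get("review_required")]

def demo():
    """One constructed shift on shared terminal HMI-7; returns the broker with its log."""
    t0 = datetime(2026, 1, 5, 6, 0, tzinfo=timezone.utc)
    b = TerminalBroker()
    b.badge_in(t0, "HMI-7", "B-1001")
    b.act(t0, "HMI-7", "start_batch")                             # operator may start a batch
    b.act(t0, "HMI-7", "change_recipe")                           # denied: needs a supervisor
    b.act(t0, "HMI-7", "change_recipe", approver_badge="B-2002")  # approved, both names logged
    t1 = t0 + timedelta(minutes=3)
    b.act(t1, "HMI-7", "start_batch")                             # session timed out: denied
    b.badge_in(t1, "HMI-7", "B-3003")
    b.act(t1, "HMI-7", "override_interlock", break_glass=True)    # allowed, queued for review
    b.end_session(t1, "HMI-7")
    return b
```

Two design points matter here. The approver must be a different person than the session owner, which is what keeps the supervisor approval a segregation-of-duties control rather than a self-attestation. And break-glass never bypasses logging: it changes the decision, not the record, so the review queue still sees every exception.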
Common Variations and Edge Cases
Tighter individual attribution often increases friction on the line, requiring organisations to balance traceability against throughput, uptime, and worker usability. That tradeoff is real in high-volume environments, especially where devices are rugged, offline, or tied to aging manufacturing execution systems.
When individual login is not technically possible, the fallback should still preserve accountability: supervised access, badge-based session initiation, or kiosk mode with central correlation of badge events to terminal activity. There is no universal standard for this yet, but practice is converging on per-session identity proof rather than permanent shared credentials. In mixed environments the same applies to maintenance vendors and automation engineers, whose access should expire when the job ends and be reviewed against the work order that justified it.
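The access review that the paragraph above and the earlier control set call for, as an added example (not code from the page or from NHI Mgmt Group): each grant is checked for expiry, contractor grants are reconciled against the work order that justified them, and any generic shared credential is a finding on its own. The grant and work-order records are constructed, and the 14-day ceiling on contractor access is an assumed policy value.

```python
"""Periodic access review for a shared plant floor.

Added illustration, not code from the page or from NHI Mgmt Group. Assumed:
grants and work orders are constructed in-memory records (a real review
would pull them from the IdP, the MES and the maintenance system), and the
contractor grant ceiling is an assumed policy value."""
from dataclasses import dataclass
from datetime import datetime, timedelta, timezone
from typing import Optional


@dataclass(frozen=True)
class Grant:
    identity: str
    kind: str                  # "worker", "contractor", "shared" or "service"
    target: str                # what the grant reaches (MES role, engineering station, HMI)
    granted: datetime
    expires: Optional[datetime]
    work_order: Optional[str]  # vendor and automation access should trace to a job


@dataclass(frozen=True)
class WorkOrder:
    id: str
    status: str                # "open" or "closed"


def review_grants(grants, work_orders, now, max_contractor_days=14):
    """Return (identity, finding) pairs for grants that should not survive review."""
    orders = {w.id: w for w in work_orders}
    findings = []
    for g in grants:
        if g.expires is not None and g.expires <= now:
            findings.append((g.identity, "expired_grant_still_present"))
        if g.kind == "shared":
            # A generic credential cannot be attributed to a person; flag it regardless.
            findings.append((g.identity, "shared_credential"))
        if g.kind == "contractor":
            if g.work_order is None:
                findings.append((g.identity, "contractor_grant_without_work_order"))
            elif g.work_order not in orders:
                findings.append((g.identity, "unknown_work_order"))
            elif orders[g.work_order].status == "closed":
                findings.append((g.identity, "work_order_closed_but_access_remains"))
            if g.expires is None:
                findings.append((g.identity, "contractor_grant_never_expires"))
            elif g.expires - g.granted > timedelta(days=max_contractor_days):
                findings.append((g.identity, "contractor_grant_exceeds_policy_window"))
    return findings


def demo():
    """Run the review over a constructed snapshot of one plant."""
    utc = timezone.utc
    now = datetime(2026, 3, 2, tzinfo=utc)
    grants = [
        Grant("alice.operator", "worker", "MES:line3-operator",
              datetime(2025, 6, 1, tzinfo=utc), None, None),
        Grant("vendor.tech", "contractor", "PLC-eng-station",
              datetime(2026, 2, 10, tzinfo=utc), datetime(2026, 2, 17, tzinfo=utc), "WO-4411"),
        Grant("integrator.svc", "contractor", "MES:admin",
              datetime(2026, 1, 5, tzinfo=utc), None, None),
        Grant("operator", "shared", "HMI-7",
              datetime(2024, 1, 1, tzinfo=utc), None, None),
        Grant("auto.eng", "contractor", "SCADA-engineering",
              datetime(2026, 2, 25, tzinfo=utc), datetime(2026, 3, 20, tzinfo=utc), "WO-4502"),
    ]
    orders = [WorkOrder("WO-4411", "closed"), WorkOrder("WO-4502", "open")]
    return review_grants(grants, orders, now)
```

Run on a real export, the useful output is not the list itself but the grants whose identity appears twice or more: an expired grant tied to a closed work order is the pattern the paragraph warns about, access that outlived the job and nobody revoked.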
For plants with regulated quality or safety obligations, shared access can become a compliance issue as much as a cyber issue. That is why NHI Mgmt Group’s broader research on visibility and offboarding in the Ultimate Guide to NHIs matters here: if access cannot be attributed, it cannot be safely revoked, investigated, or defended during an audit. The same logic appears in 52 NHI Breaches Analysis, where weak identity hygiene repeatedly turns routine operational access into incident material.
Standards & Framework Alignment
This section maps relevant standards and security frameworks to the operational risks and controls described in this guidance.
The OWASP Non-Human Identity Top 10 addresses the attack and risk surface, while NIST CSF 2.0 and the NIST AI RMF set the governance and control expectations practitioners need to meet.
| Framework | Control / Reference | Relevance |
|---|---|---|
| NIST CSF 2.0 | PR.AA-01 (identities and credentials managed), PR.AA-05 (access permissions reviewed, least privilege and separation of duties); the CSF 2.0 successors to PR.AC-1 | Shared floor access needs identifiable, controlled, and periodically reviewed access paths. |
| OWASP Non-Human Identity Top 10 | NHI1 Improper Offboarding, NHI10 Human Use of NHI | Shared credentials create attribution and lifecycle risks common to NHI sprawl; a person working under a generic operator account is the NHI10 pattern. |
| NIST AI RMF | GOVERN function (accountability, traceability) | Applies where AI-driven automation or agents act under shop-floor sessions; the same attribution and traceability expectations hold. |
Treat attribution, logging, and access review as core governance controls for shared operational identities.
Related resources from NHI Mgmt Group
- How should IAM teams secure shared-device access in regulated environments?
- How should security teams run access reviews for non-human identities?
- How should security teams govern non-human identities that have persistent access?
- How should security teams govern API keys used for generative AI access?
Reviewed and updated by the NHIMG editorial team on June 24, 2026.
NHI Mgmt Group — the #1 independent authority on Non-Human Identity, IAM, and Agentic AI security. nhimg.org