In announcing its acquisition of Keyless last month, Ping Identity emphasized Keyless’ ability to protect frontline worker identities with privacy-preserving biometric authentication.
Ping Identity CEO Andre Durand further spotlighted this aspect in an interview with Bank Info Security, stating, “We wanted a solution for frontline workers, not just for white-collar employees.”
Frontline workers, those who work outside an office, are estimated to make up about 80% of the global workforce, according to frontline workforce technology company Beekeeper. And according to Gartner, there are about 2.7 billion frontline workers in the world, more than double the number of employees who primarily work at a desk.
However, many worker authentication methods do not cater to the unique challenges of frontline work settings.
“Traditional identity systems were designed for office-based employees using managed devices,” Mark Townsend, co-founder and CTO of technology-referral exchange company AcceleTrex, told SC Media. “The next phase of identity management will focus on full workforce coverage, ensuring that every role, regardless of employment status, location, or device ownership, can securely access the applications and systems they need.”
Challenges of frontline worker authentication
Frontline workers face several barriers that limit their authentication options and increase identity risks.
For example, many frontline workplaces, including healthcare, construction, manufacturing and other industrial settings, prohibit the use of cellphones for safety reasons and to prevent distractions.
This creates a barrier to multi-factor authentication (MFA) that relies on SMS texts, push notifications or mobile apps, and to device-based passkeys, which often use a phone as the authenticating device.
Additionally, unlike most office workers who have their own dedicated computer, frontline employees frequently use shared terminals to authenticate, which poses its own major identity management challenges.
“Insecure practices, such as password sharing and the use of sticky-notes for passwords, are common in shared workstation and shared device scenarios by shift workers, and are a symptom of systemic issues with authentication workflows that get in the way of essential tasks,” authentication hardware provider Yubico noted in a 2024 white paper.
These practices pose a heightened risk in critical infrastructure sectors where lack of user traceability can create compliance gaps, and a breach can have devastating consequences ranging from the theft of sensitive patient data to the shutdown of critical utilities or manufacturing processes.
However, even in these critical sectors, unsafe authentication practices are common.
One study, published in the journal Healthcare Informatics Research in 2017, found that 73.6% of surveyed medical staff admitted to having obtained the password of another staff member.
Additionally, Dragos’ ICS/OT Cybersecurity Year in Review 2022 report revealed that 54% of service engagements by the industrial cybersecurity company included findings related to shared credentials.
Another overlooked aspect when it comes to authentication methods for frontline workers is personal protective equipment, or PPE. Gloves in particular are widely used or required in environments like hospitals, laboratories and factories, and as noted in an article by Oloid, can make it difficult to type and use touchscreens or fingerprint scanners.
“This leads to workers either fumbling through entering access data wearing the gloves, often failing to do so correctly on one or more attempts, or removing the gloves to gain access, and having to re-clean their hands and reapply the same gloves or a new pair after,” the passwordless authentication company noted.
The ability to authenticate quickly is especially important in critical sectors like healthcare and industrial settings, where sensitive equipment or emergencies need to be attended to, and the hassle of traditional methods like passwords and MFA can potentially lead to unsafe practices like password sharing or forgoing MFA altogether.
The frontline identity gap: consequences and solutions
The consequences of neglecting identity protections for frontline and critical infrastructure workers can be seen in real-world attacks; an assessment by the Cybersecurity and Infrastructure Security Agency (CISA) and United States Coast Guard Cyber Command for fiscal year 2023 found that 41% of successful critical infrastructure intrusions involved the abuse of valid accounts.
Shared accounts and lack of MFA increase the risk of such attacks, as seen in a 2021 cyberattack against a water treatment plant in Oldsmar, Florida, where all computers connected to the plant’s supervisory control and data acquisition (SCADA) system reportedly used the same password for remote access, and the 2021 Colonial Pipeline ransomware attack, where initial access was gained through a VPN account with no MFA enabled.
Vendors like Ping Identity and Keyless aim to close the identity protection gap for frontline workers through more secure and seamless solutions like facial biometrics. Ping’s acquisition announcement specifically emphasizes the ability for workers to authenticate “with a single glance at the camera,” without the need for a dedicated device or password entry.
“This is critical in sectors like manufacturing, healthcare, and logistics, where shared workstations or kiosk access is the norm. The move reflects a broader shift toward inclusive identity strategies that extend zero-trust principles to every user, not just knowledge workers,” Townsend noted.
Keyless’ technology specifically uses “privacy-preserving” biometric authentication, which applies cryptography to biometric information to protect it from theft or reconstruction.
Beyond biometrics, physical security keys and smart cards/badges also offer a passwordless option for workers at shared terminals and without mobile phones. Microsoft Entra ID documentation notes that “security keys are a great option for frontline workers,” but also points to the need to balance the costs of physical keys and consider lower cost options like smart cards and certificate-based authentication.
Radio-frequency identification (RFID) based badges are noted by RFID authentication systems provider ELATEC to be especially reliable in difficult industrial environments where dirt and debris, high humidity or hot temperatures may interfere with other technologies like biometric scanners, and do not require workers to remove PPE like gloves or masks.
The Ping-Keyless acquisition is one sign that the identity industry is moving to expand authentication options for frontline workers, which can contribute to better security outcomes for critical infrastructure and beyond.