No discussion about securing organizations with a strong passwordless and/or multi-factor authentication (MFA) solution can be complete without considering a very important category of employees – frontline workers. Gartner estimates that worldwide there are 2.7 billion frontline workers – more than twice the number of desk-based employees. And yet, there remains a lack of awareness of issues specific to frontline worker authentication or solutions available to address them effectively. Quite a few organizations have chosen to tackle these difficulties by creating carveouts from MFA requirements when it comes to frontline workers. Needless to say, such an approach puts the entire organization at risk. There are, however, much better alternatives.
Gartner defines frontline workers as follows:
"A frontline worker is an employee that directly produces goods or delivers services. These workers perform their duties in physical locations where they interact with customers or handle essential tasks."
Examples include clinical personnel in healthcare, retail and service associates, first responders and assembly-line workers. Currently, frontline workers make up about 80% of the global workforce and are in high demand among companies. For reasons outlined below, frontline workers often create vulnerable environments in an organization that are particularly prone to cyberattacks.
Certain aspects of frontline worker environments make their authentication challenging, which may lead to risky carveouts from good practices of phishing-resistant authentication and MFA. Some of these challenges include:
FIDO2 and passkeys have deservedly been receiving a lot of attention, being the most advanced, secure and phishing-resistant authentication technology available today. FIDO2 hardware security keys, especially ones with NFC technology enabling a tap-and-go login experience seem like a good answer to some of the frontline environment use cases. However, serious issues remain unsolved. While some handling of shared workstations is possible with FIDO2 security keys, there are limitations imposed in most commercial platforms (for example, no more than 10 different security keys can be registered in Windows Hello). Synced passkeys have solved the “one user, many devices” problem, but not the “one device, many users” one. And neither passkeys nor hardware security keys have solved the shared account problem. Deployment, lifecycle management and user onboarding for FIDO2 security keys at scale is challenging in large organizations.
rf IDEAS has recently teamed up with IDmelon Technologies to offer the ConvergeIDTM Passwordless Platform, a solution based on FIDO2 that is ideally suited for frontline worker authentication. Via software, a user’s standard physical access card is converted into a FIDO2 security key that can be used for seamless, tap-and-go login to PCs and any application that supports FIDO2. Some frontline workers may not have an e-mail address, some may not be able to use their mobile phone, but if there is one thing that every single worker has, it’s a badge. A powerful administration panel makes user onboarding seamless – workers can be enabled overnight with no action required on their part and with no knowledge whatsoever of FIDO2 technology. Easy onboarding, offboarding, activity auditing, security key management and workflow automation are some of the compelling features of the solution. Security policies can be defined based on a user’s role, geographic location, device, time of day, etc. Shared accounts are handled effectively, since there is no limit on how many security keys can be assigned to a given account – while activity can still be tracked by individual user.
Ready to explore what the ConvergeID™ solution can do for your frontline worker authentication use case? Contact rf IDEAS to set up a demo today.