Did you know that 80% of the global workforce doesn’t sit behind a desk, yet most authentication systems are designed for office workers? This glaring gap in identity security for frontline workers is finally getting the attention it deserves, thanks to bold moves like Ping Identity’s recent acquisition of Keyless. But here’s where it gets controversial: while this deal highlights a critical need, it also exposes just how far behind we are in protecting the identities of those who keep our world running—from healthcare workers to factory floor staff. And this is the part most people miss: the very tools meant to secure access, like multi-factor authentication (MFA), often fail these workers due to their unique, on-the-ground challenges.
Last month, Ping Identity made waves by acquiring Keyless, a company specializing in privacy-preserving biometric authentication. In an interview with Bank Info Security, Ping Identity CEO Andre Durand emphasized, ‘We wanted a solution for frontline workers, not just for white-collar employees.’ This move underscores a growing recognition that frontline workers—estimated at 2.7 billion globally, according to Gartner—deserve secure, tailored authentication methods. Yet, traditional systems fall short.
Why the Gap Exists
Frontline workers face barriers that office employees rarely encounter. For instance, many workplaces in healthcare, construction, and manufacturing ban cellphones for safety and focus. This restriction cripples MFA methods reliant on SMS, push notifications, or mobile apps. Shared terminals, another common feature in these settings, introduce identity management nightmares. As Mark Townsend, CTO of AcceleTrex, told SC Media, ‘Traditional identity systems were designed for office-based employees using managed devices. The next phase must focus on full workforce coverage, regardless of employment status, location, or device ownership.’
Insecure practices, like password sharing or sticking notes on monitors, are rampant in these environments. Yubico’s 2024 white paper highlights how such habits stem from authentication workflows that hinder essential tasks. In critical sectors like healthcare, this isn’t just inconvenient—it’s dangerous. A 2017 study in Healthcare Informatics Research found that 73.6% of medical staff admitted to using someone else’s password. Similarly, Dragos’ 2022 report revealed that 54% of industrial cybersecurity engagements involved shared credentials.
The Overlooked Challenge: PPE
Another often-ignored hurdle is personal protective equipment (PPE). Gloves, mandatory in many frontline roles, make typing or using touchscreens a clumsy affair. As Oloid points out, workers either struggle to enter credentials or remove gloves, risking contamination. This friction can lead to unsafe shortcuts, like skipping MFA or sharing passwords—risks no critical sector can afford.
Real-World Consequences
The stakes are high. In 2023, the Cybersecurity and Infrastructure Security Agency (CISA) found that 41% of critical infrastructure breaches involved compromised valid accounts. Shared credentials and missing MFA played a role in attacks like the 2021 Oldsmar water plant incident, where a single password guarded remote access, and the Colonial Pipeline ransomware attack, enabled by a VPN account without MFA.
Solutions on the Horizon
Ping Identity and Keyless aim to bridge this gap with seamless, secure solutions like facial biometrics. Their ‘single glance’ authentication eliminates the need for passwords or dedicated devices—a game-changer for shared workstations. Keyless’s privacy-preserving biometrics, which encrypts biometric data to prevent theft, adds an extra layer of trust.
Beyond biometrics, physical security keys, smart cards, and RFID badges offer passwordless alternatives. ELATEC notes that RFID badges are particularly reliable in harsh industrial environments, unaffected by dirt, humidity, or the need to remove gloves.
The Bigger Question
While the Ping-Keyless deal is a step forward, it raises a provocative question: Are we doing enough to secure the identities of those who power our essential services? As Townsend notes, the shift toward inclusive identity strategies is critical, but it’s just the beginning. What do you think? Are biometric solutions like Keyless’s the answer, or do we need a more radical rethink of frontline authentication? Share your thoughts in the comments—let’s spark a conversation that could shape the future of identity security.
