1Kosmos announced 1Kosmos 1Key for shared account login environments. With
FIDO-compliant biometric authentication, 1Kosmos 1Key addresses the pressing
need for security, accountability, and auditability in settings where multiple
users access shared accounts, such as operational technology (OT) systems,
hospitality services, and other collaborative workspaces.
Shared accounts are commonly used in both IT and OT environments where many
users interact with a single workstation or application. However, shared access
can also lead to security vulnerabilities, accountability gaps, and the risk of
credential misuse. Traditional methods for managing shared logins rely on
generic passwords or on physical keys issued to individuals, both of which are
prone to loss, misuse, or unauthorized access.
1Kosmos
1Key solves these challenges with a unique, biometric-enabled, passwordless
device that can verify fingerprints for multiple users and remains plugged into
the protected endpoint at all times. Users simply enroll their fingerprints
once, and can access authorized endpoints and applications anywhere.
Using
1Kosmos 1Key, each user logs in via a FIDO-compliant biometric key, which
securely authenticates their identity. Once authenticated, the system presents
the shared accounts the user is authorized to access, all managed by a seamless
integration with privileged access management (PAM) systems such as CyberArk's credential
vault. Each login is monitored, creating a secure, auditable record of every
session, ensuring compliance and eliminating the need for shared
passwords.
"Shared
accounts have traditionally been a security blind spot, lacking both
accountability and auditability, which leaves organizations vulnerable to
unauthorized access," said Hemen Vimadalal, CEO of 1Kosmos. "With 1Kosmos
1Key, we're delivering a biometric-driven solution that not only simplifies
access but ensures each user interaction is secure and trackable. 1Kosmos
enables organizations to safeguard shared environments without the risks
associated with conventional passwords, raising the bar for transparency and
compliance across industries."
Transforming Shared Login and OT Security
1Kosmos
1Key is already making a difference for companies facing these challenges. A
global leader in industrial automation and digital transformation technologies
is implementing 1Kosmos 1Key for two key use cases:
Identity proofing and multi-factor authentication (MFA) for customers - When
new users transition from prospects to customers, they must undergo identity
proofing. Once successfully verified, they gain access to the appropriate
applications. Upon login, they are prompted for 1Kosmos MFA, ensuring secure
authentication through email or SMS OTP.

Biometric authentication for shared workstation logins - With 1Kosmos 1Key,
workers authenticate using their Active Directory (AD) username and registered
fingerprint. Once validated, they can select from a list of shared accounts
they are authorized to use. The system seamlessly retrieves the shared
credential from CyberArk's vault, submits it to the workstation, and logs the
user in.
This
approach eliminates the risks of credential sharing, unauthorized access, and
operational downtime, helping protect critical industrial automation processes.
"In
traditional manufacturing, legacy authentication often relies on shared
usernames and passwords used across systems by various personnel, which
presents security risks and adds complexity to user management," said Mike
Engle, Chief Security Officer for 1Kosmos. "By integrating biometric
authentication, we replace these vulnerabilities with individualized access
that ensures accountability and provides a detailed audit trail for every
interaction. This approach not only strengthens the security of critical assets but also
simplifies the authentication process, offering employees a seamless, secure
way to access their work environments."
The 1Kosmos 1Key Advantage
Phishing-Resistant Passwordless Access: 1Kosmos 1Key leverages FIDO-compliant
biometrics for secure, password-free login to any authorized shared account,
improving overall security and minimizing the risk of phishing attacks.

Centralized Credential Management: Seamlessly integrates with credential
management systems, such as CyberArk, to automate password entry and provide a
transparent access experience for users, eliminating the need for manual
password handling.

Enhanced Accountability: Every access event is tied to an individual user's
biometric authentication, ensuring accountability and creating an auditable
trail for security and compliance purposes.

Scalable and Adaptable: Supports one-to-many environments, making it ideal for
large organizations where many users require access to shared workstations
without the need for individual credentials.

Cost Reduction: Enables organizations to deploy biometric security keys to
workstations supporting multiple users, eliminating the cost, overhead and
security vulnerabilities associated with traditional keys issued to
individuals, including lost and stolen keys and unauthorized sharing.

Privacy-Preserving: Fingerprints do not leave the scanner and consequently are
never stored in a centralized location. This prevents data breach risks
associated with traditional biometric authentication systems.