Addressing the Factory Floors' Weakest Security Point

Elevating login and authentication practices without sacrificing uptime.

Encryption
Juan Martinez
January 8, 2026

The threat landscape for manufacturers has shifted dramatically over the past year. According to data from cybersecurity firm KELA, attacks against the manufacturing sector grew by 61% year-over-year in 2025, the highest rate of any industry.

Just consider the global brands impacted over the last year: Jaguar Land Rover, Bridgestone and Nucor.

The threat has been building for a while. In recent years, companies like Clorox, Toyota and Bridgestone (again) have also been targeted, alongside many others. Ransom payments and remediation costs alone total in the billions without even accounting for the financial blow of production delays, rising insurance premiums and long-term reputational damage.

What’s driving the surge? As cyber attacks grow more sophisticated, hackers are taking advantage of weak — or more often, nonexistent — authentication practices that allow them to move between connected systems that were never designed with security in mind.

Every month of delay widens the exposure window. Strengthening identity access control with modern solutions, including passwordless authentication, are no longer future-state initiatives.

Passwordless Authentication

Manufacturers are taking steps to harden their environments by separating IT and OT networks and limiting exposure of new web-based applications by hosting them locally at each facility. Those efforts help isolate cyber risk, but they don’t address a major underlying vulnerability: critical systems remain accessible without strong identity controls.

Many manufacturing sites still operate without significant restrictions on workstation access. Operators can walk up to an HMI or shared terminal and change production parameters without any verification of identity or authorization. In facilities that do enforce logins, it’s common to see shared passwords or credentials posted directly at the workstation — practices that offer little protection and leave no audit trail when issues occur.

These practices leave the door open for unauthorized users to alter production processes, potentially causing downtime, quality issues or safety incidents.

Passwordless authentication can help reduce that gap. Secure badge readers paired with software give each operator a reliable way to verify their identity before interacting with production systems. This eliminates shared passwords and creates clear accountability for every action taken on the line. It also aligns with emerging regulatory expectations, including multifactor authentication requirements under NIS2.

Additionally, passwordless authentication can be used to secure non-windowed environments like programmable logic controllers (PLCs). Typically, HMIs send commands to PLCs to execute processes on the manufacturing floor. However, hackers can find ways to bypass windowed workstations and directly access PLCs, which have limited security options. Extending identity-based controls through credential readers to this layer is essential for defending against sophisticated threats.

The rising volume of cyber attacks on manufacturing facilities has made stronger authentication a strategic imperative. Here are three areas where the impact could be most immediate:

  1. Protect the shared supply chain. As manufacturing becomes more digitally integrated, weak access points can put entire supply chains at risk. In one high-profile example, semiconductor manufacturer Applied Materials suffered a supply-chain ransomware attack in 2023 that originated at one of its suppliers. The incident ultimately cost the company an estimated $250 million in lost sales. Passwordless authentication strengthens identity security across shared operational networks, helping protect manufacturers from cascading vulnerabilities.
  2. Protect your assets. Role-based passwordless access control (RBAC) allows manufacturers to pinpoint who accessed what, and when. Beyond enabling a clear audit trail and strengthening defenses against external threats, it also fosters a culture of accountability and continuous improvement. Here’s a real-world example from an rf IDEAS client: A paint manufacturer using shared workstations and weak passwords struggled with production errors, averaging 12 bad batches per week. After implementing RFID-based identity controls, batch errors fell to just one in the first week. Over the course of a year, the manufacturer saved an estimated $2.5 million. That’s just the operational upside. The security upside is equally significant when you consider that the average cost of a data breach in the industrial sector now exceeds $5.5 million.
  3. Improve the operator and administrator experience. Passwordless authentication simplifies access for operators. Instead of remembering and typing passwords and pins — often while wearing gloves — operators can simply tap a badge or credential. This reduces login friction, speeds up shift transitions and minimizes the temptation to share credentials. Administrators benefit too. Managing user access becomes easier and more scalable when credentials are tied to verified identities, not generic logins. Instead of manually updating passwords or login info when roles change, admins can adjust permissions centrally and in real time. 

Production teams need fast, reliable access to the systems they use every day and security must reinforce that workflow rather than slow it down. 

Related Stories
People Cyber Metamorworks
Cybersecurity
Breaking the Federal Cybersecurity Compliance Bottleneck
Insider Threat Leo Wolfert
Cybersecurity
How Cybercriminals Identify, Nurture Insider Threats
Ep159tn
Cybersecurity
Security Breach: Shiny Objects and the Power of Preparation
Peach Istock Ai Cyber
Cybersecurity
Predicting the Six Biggest Impacts AI Will Have on OT Cybersecurity
More in Cybersecurity
Cybersecurity
Automotive Ransomware Attacks More Than Doubled in 2025
More AI, expanded autonomous technologies and evolving threat actors are elevating cyber risks.
Automobile Cockpit, Various Information Monitors And Head Up Displays
Cybersecurity
SBOM Regs Rolled Back
The two Biden-era memoranda required agencies to obtain software security attestations before deployment.
Us Binary Flag Mirsad Sarajlic
Cybersecurity
Threats Targeting Employee Credentials Surge 389 Percent
Credentials are being stolen in as little as 14 minutes.
Protection Background Technology Security 524882074 701x502 (1)
Cybersecurity
Shadow AI Threats Grow
Productivity pressures are pushing many to bypass safeguards, increasing exposure to data leaks.
Insider Threat Leo Wolfert
Cybersecurity
Report Shows AI-Enabled Threats As Top Concern
AI could help hackers take greater advantage of visibility shortcomings.
Computer Crime Concept 516607038 2125x1416 (1)
Cybersecurity
The Domino Effect of a Data Breach
Here are some strategies to detect breaches faster and limit their capacity for damage.
Coding
Cybersecurity
AI Won’t Replace the Cybersecurity Workforce, But It Will Redefine It
AI is framed as a multi-faceted solution, but the conversation often goes off course.
Ai Your Photo
Cybersecurity
Security Breach: Strengthening Your Weakest Links
All the little things can kill a cybersecurity strategy, but there are ways to tie them all together.
Ep157
Cybersecurity
The Rise of Identity and Data Security Dependency
Predictions on what will shape industrial cybersecurity in 2026 and beyond.
Protection Background Technology Security 524882074 701x502 (1)
Cybersecurity
Securing the Edge in AI-Enabled Smart Factories
Growing data needs have manufacturers between a rock and a hard place.
Sase Supatman
Cybersecurity
How AI Is Transforming Cybersecurity Threats in 2026
Social engineering, deep fakes and more will benefit from the evolution of artificial intelligence.
Deepfake Orhan Turan
Cybersecurity
Inside The Mind of a Hacker
The report details how hackers are moving to a more collaborative, AI-enhanced approach.
General Cyberattack
Page 1 of 55
Next Page