Biometrics, passwords, and deepfakes: what IAM teams need now

TL;DR: Biometric adoption is being pushed by password fatigue, fraud growth, and deepfake risk, with iProov citing figures such as 72% of consumers preferring face biometrics, 48% questioning almost everything online, and 62% of organisations experiencing a deepfake attack in the past year. Password-based trust is no longer a stable security baseline for digital identity.

NHIMG editorial — based on content published by iProov: biometric statistics on passwords, deepfakes, onboarding, and digital identity

By the numbers:

• 72% of consumers globally would rather use face biometrics than passwords for secure online processes.
• Only 0.1% of participants could correctly identify all deepfake and real content, even when specifically told to look for fakes.
• 62% of organisations experienced a deepfake attack in the past year, according to Gartner.

Questions worth separating out

Q: How should security teams reduce dependence on passwords in customer identity journeys?

A: Security teams should reduce password dependence by treating password recovery, reset, and fallback flows as high-risk identity events.

Q: Why do biometrics matter more as deepfake fraud becomes more common?

A: Biometrics matter because deepfakes weaken the reliability of visual and voice-based judgement in remote identity flows.

Q: What do organisations get wrong when they deploy face biometrics?

A: The common mistake is treating face verification as a complete trust decision rather than one signal inside a larger identity process.

Practitioner guidance

• Map password recovery as a privileged trust path Review every reset, recovery, and account unlock flow to see whether it grants more trust than the original login.
• Tie biometric use to assurance levels Use biometrics where the enrolment process, device binding, and liveness checks can support the required assurance level.
• Harden workflows against synthetic media Add explicit anti-spoofing, challenge-response, and manual escalation paths for onboarding and support flows that can be targeted by deepfake fraud.

What's in the full article

iProov's full article covers the raw biometric, fraud, and onboarding statistics this post intentionally leaves at the analytical level:

• The full breakdown of consumer preference data across biometric, password, and onboarding journeys
• The detailed fraud and identity theft figures behind the article's conclusions on password weakness
• The onboarding, KYC, and digital identity survey statistics that support implementation decisions
• The deepfake perception data and market figures that practitioners can use in business cases

👉 Read iProov's biometric statistics roundup on passwords, fraud, and deepfakes →

Biometrics, passwords, and deepfakes: what IAM teams need now?

Explore further

View Full Forum →  |  NHI Foundation Course →