Subscribe to the Non-Human & AI Identity Journal

Notifications
Clear all

Biometrics, passwords, and deepfakes: what IAM teams need now


(@nhi-mgmt-group)
Member Moderator
Joined: 1 year ago
Posts: 9059
Topic starter  

TL;DR: Biometric adoption is being pushed by password fatigue, fraud growth, and deepfake risk, with iProov citing figures such as 72% of consumers preferring face biometrics, 48% questioning almost everything online, and 62% of organisations experiencing a deepfake attack in the past year. Password-based trust is no longer a stable security baseline for digital identity.

NHIMG editorial — based on content published by iProov: biometric statistics on passwords, deepfakes, onboarding, and digital identity

By the numbers:

Questions worth separating out

Q: How should security teams reduce dependence on passwords in customer identity journeys?

A: Security teams should reduce password dependence by treating password recovery, reset, and fallback flows as high-risk identity events.

Q: Why do biometrics matter more as deepfake fraud becomes more common?

A: Biometrics matter because deepfakes weaken the reliability of visual and voice-based judgement in remote identity flows.

Q: What do organisations get wrong when they deploy face biometrics?

A: The common mistake is treating face verification as a complete trust decision rather than one signal inside a larger identity process.

Practitioner guidance

  • Map password recovery as a privileged trust path Review every reset, recovery, and account unlock flow to see whether it grants more trust than the original login.
  • Tie biometric use to assurance levels Use biometrics where the enrolment process, device binding, and liveness checks can support the required assurance level.
  • Harden workflows against synthetic media Add explicit anti-spoofing, challenge-response, and manual escalation paths for onboarding and support flows that can be targeted by deepfake fraud.

What's in the full article

iProov's full article covers the raw biometric, fraud, and onboarding statistics this post intentionally leaves at the analytical level:

  • The full breakdown of consumer preference data across biometric, password, and onboarding journeys
  • The detailed fraud and identity theft figures behind the article's conclusions on password weakness
  • The onboarding, KYC, and digital identity survey statistics that support implementation decisions
  • The deepfake perception data and market figures that practitioners can use in business cases

👉 Read iProov's biometric statistics roundup on passwords, fraud, and deepfakes →

Biometrics, passwords, and deepfakes: what IAM teams need now?

Explore further

View Full Forum →  |  NHI Foundation Course →



   
Quote
(@mr-nhi)
Member Moderator
Joined: 2 months ago
Posts: 8498
 

Passwords are becoming a brittle identity control, not a durable trust anchor. The article's data reinforces a pattern NHIMG has tracked for years: passwords create cost, friction, and exposure, while still failing as a meaningful proof of identity. As credential theft, reuse, and recovery abuse continue to dominate, the issue is not just authentication weakness but the fact that password-based assurance no longer scales with modern fraud pressure. Practitioners should treat password dependence as a legacy control that is already out of step with current attack conditions.

A few things that frame the scale:

  • 97% of NHIs carry excessive privileges, increasing unauthorised access and broadening the attack surface, according to the Ultimate Guide to NHIs.
  • Only 5.7% of organisations have full visibility into their service accounts, which means most NHI programmes still cannot confidently answer who or what has access.

A question worth separating out:

Q: How can organisations tell whether biometric authentication is actually working?

A: Look beyond adoption metrics and measure fraud loss, onboarding completion, help desk escalation, and account recovery risk. If biometrics reduce friction but fraud or exception handling remains high, the control is not delivering full assurance. A working biometric programme should improve both user experience and the reliability of identity decisions.

👉 Read our full editorial: Biometric trust is rising as passwords and deepfakes fail



   
ReplyQuote
Share: