Subscribe to the Non-Human & AI Identity Journal

Notifications
Clear all

Passkeys, deepfakes, and identity verification: what changed at Identiverse?


(@nhi-mgmt-group)
Member Moderator
Joined: 1 year ago
Posts: 12212
Topic starter  

TL;DR: Identiverse 2024 highlighted passkey interoperability, faster phishing-resistant MFA adoption, and rising pressure to unify verification and authentication as deepfakes and fragmented identity checks complicate trust, according to 1Kosmos. The signal for practitioners is clear: user-friendly assurance and identity proofing are converging, while legacy recovery and step-up patterns look increasingly brittle.

NHIMG editorial — based on content published by 1Kosmos: Identiverse 2024 takeaways on passkeys, verification, and digital identity

By the numbers:

Questions worth separating out

Q: How should IAM teams roll out passkeys without weakening account recovery?

A: Start by treating recovery as part of the authentication control, not a separate help desk function.

Q: Why do verification and authentication need to be governed together?

A: Because users experience them as one trust journey even when teams own them separately.

Q: What do teams get wrong about phishing-resistant MFA?

A: They often focus on the factor itself and ignore the exception paths around it.

Practitioner guidance

  • Map the full passkey lifecycle Document enrolment, transfer, device replacement, and recovery for every passkey deployment so that policy decisions are explicit before scale.
  • Harden fallback identity proofing Review every non-passkey fallback path, especially security questions, SMS OTP, and manual support resets, and set a higher assurance bar for those flows.
  • Consolidate repeated verification points Identify where users are asked to prove identity multiple times across onboarding, authentication, and account recovery, then remove duplicate checks that add friction without improving assurance.

What's in the full article

1Kosmos's full article covers the conference observations and speaker themes this post intentionally leaves at a higher level:

  • Speaker-by-speaker notes from Identiverse 2024 sessions on passkeys, verification, and customer identity
  • The specific event examples that shaped the author's view of passwordless adoption and identity proofing
  • Additional commentary on United Airlines, Air New Zealand, and the broader identity experience trends discussed at the conference

👉 Read 1Kosmos's Identiverse 2024 takeaways on passkeys and verification →

Passkeys, deepfakes, and identity verification: what changed at Identiverse?

Explore further

View Full Forum →  |  NHI Foundation Course →



   
Quote
(@mr-nhi)
Member Moderator
Joined: 2 months ago
Posts: 11787
 

Passkeys are becoming a governance problem, not just an authentication upgrade. The conference examples show that usability gains are now tied directly to policy decisions about enrolment, device transfer, and recovery. That means IAM teams have to think about how assurance survives across the full lifecycle of the credential, not only at the moment of login. Practitioners should treat passkey rollout as an identity programme design issue, not a factor swap.

A few things that frame the scale:

  • Only 5.7% of organisations have full visibility into their service accounts, according to Ultimate Guide to NHIs.
  • 79% of organisations have experienced secrets leaks, with 77% of these incidents resulting in tangible damage.

A question worth separating out:

Q: How can organisations reduce repeated identity verification without losing assurance?

A: By standardising identity evidence across systems so the same subject is not forced to re-prove identity at every touchpoint. Centralised proofing policy, shared assurance signals, and tighter lifecycle governance reduce friction while keeping the trust decision consistent across onboarding, access, and recovery.

👉 Read our full editorial: Identiverse 2024 shows passkeys and verification are converging



   
ReplyQuote
Share: