Passkeys, deepfakes, and identity verification: what changed at Identiverse?

TL;DR: Identiverse 2024 highlighted passkey interoperability, faster phishing-resistant MFA adoption, and rising pressure to unify verification and authentication as deepfakes and fragmented identity checks complicate trust, according to 1Kosmos. The signal for practitioners is clear: user-friendly assurance and identity proofing are converging, while legacy recovery and step-up patterns look increasingly brittle.

NHIMG editorial — based on content published by 1Kosmos: Identiverse 2024 takeaways on passkeys, verification, and digital identity

By the numbers:

• Air New Zealand reported 25% of sign-ins using passkeys and a 30% opt-in rate within the first 24 hours.
• A 2015 breach affected 21.5 million federal workers' fingerprint data.
• Only 5.7% of organisations have full visibility into their service accounts.

Questions worth separating out

Q: How should IAM teams roll out passkeys without weakening account recovery?

A: Start by treating recovery as part of the authentication control, not a separate help desk function.

Q: Why do verification and authentication need to be governed together?

A: Because users experience them as one trust journey even when teams own them separately.

Q: What do teams get wrong about phishing-resistant MFA?

A: They often focus on the factor itself and ignore the exception paths around it.

Practitioner guidance

• Map the full passkey lifecycle Document enrolment, transfer, device replacement, and recovery for every passkey deployment so that policy decisions are explicit before scale.
• Harden fallback identity proofing Review every non-passkey fallback path, especially security questions, SMS OTP, and manual support resets, and set a higher assurance bar for those flows.
• Consolidate repeated verification points Identify where users are asked to prove identity multiple times across onboarding, authentication, and account recovery, then remove duplicate checks that add friction without improving assurance.

What's in the full article

1Kosmos's full article covers the conference observations and speaker themes this post intentionally leaves at a higher level:

• Speaker-by-speaker notes from Identiverse 2024 sessions on passkeys, verification, and customer identity
• The specific event examples that shaped the author's view of passwordless adoption and identity proofing
• Additional commentary on United Airlines, Air New Zealand, and the broader identity experience trends discussed at the conference

👉 Read 1Kosmos's Identiverse 2024 takeaways on passkeys and verification →

Passkeys, deepfakes, and identity verification: what changed at Identiverse?

Explore further

View Full Forum →  |  NHI Foundation Course →