Security keys, biometrics offer necessary protection in age of deepfakes

Okta has released its business in Business at Work 2025 report, detailing the current threat landscape and the range of digital identity tools that can combat it. This year marks the tenth edition of Okta’s report, and CEO Todd McKinnon says that in a decade of change, two constants have remained: security and collaboration.

“Cloud storage, video conferencing, and ever-more-powerful collaboration apps have made it easy for globally distributed teams to work together,” McKinnon writes. “But securing this expanding perimeter while keeping the experience smooth for users is an ongoing challenge for today’s global businesses.” The year’s top three fastest-growing apps are all security focused, as multiple industries lean toward more sophisticated security tools.

Key findings in the Okta report reflect a world in which AI has increased the amount of digital fraud by orders of magnitude, and regulations are transforming how businesses operate.

“Compliance is the hottest security tool category,” says a representative from Okta; “with the rise of automation and data gathering, the number of companies deploying data compliance tools grew 50 percent YoY, after 120 percent the year prior – by far the fastest growth among security tools.”

ID Proofing tools are next in line with 11 percent YoY growth, “popping up as a high priority with CISOs because of the need for ID verification to prevent deepfake attacks and establish secure onboarding.”

Regarding passwordless authentication, the report says “the passwordless future may be closer than we think,” noting that the annual volume of passwordless authentication with Okta’s FastPass is up 377 percent year over year.

As preferred security factors, security keys and biometrics are on the rise: “high-assurance factor WebAuthn (FIDO2) officially became a W3C standard in 2019, bursting onto our factor radar at the end of that year,” Okta says. “Today, this passwordless authentication factor ranks

sixth on our list. And we welcome YubiKey OTP to the top 10.”

Security key or biometrics usage is up 30 percent YoY by number of customers among Fortune 500 companies. And one in five passwordless authentications are now backed by biometrics in Canada, Germany, South Korea, Israel, the UK and Australia.

Okta concludes the report with a note on digital identity maturity, suggesting that “companies will continue putting identity at the heart of their security posture as organizations augment their stacks with multiple layers of identity-backed defense so they can operate with confidence.”

Keyless Releases Multilayered Deepfake Detection Solution

Keyless has launched a new injection attack detection capability. A release from the UK firm says the feature leverages machine learning to combine “system-side resilience – identifying compromised devices with unusual activity – and content-based resilience, which detects biometric anomalies.”

Targeted at banks, fintechs, cryptocurrency platforms and other high-risk industries, Keyless’ biometric authentication system offers three lines of deepfake defense. Genuine Identity Assurance requires both a user’s face and their enrolled device for authentication. Presentation attacks detection (PAD) with passive liveness looks at natural indicators such as light reflection and vein recognition to tell real faces from deepfakes.

And injection attacks are where analyses of aberrant device behavior come into play. Per the release, Keyless detects compromised devices displaying risky behavior and uses machine learning to analyze biometric inconsistencies.

Keyless CTO Paolo Gasti says “deepfake technology is evolving very quickly and security companies must keep pace. By identifying compromised devices as well as manipulated biometric data, our injection attack protection offers strong protection against AI-based threats without compromising user privacy.”

Deep thoughts on deepfake injection attacks from authID

A new whitepaper from authID, “Deepfake Countermeasures,” also hones its sights on the evolving deepfake threat, including injection attacks, synthetic identities and other nefarious tactics.

“As deepfake technology continues to advance exponentially, traditional authentication methods are increasingly vulnerable,” says Rhon Daguro, CEO of authID, in a release. “Our report demonstrates that combining advanced AI with privacy-first, facial biometric authentication creates an unprecedented level of security while maintaining seamless user experience.”

In its section on how to prevent injection attacks (and how to fail), the report gets in-depth on why verification systems that simply name cameras aren’t offering enough protection.

The answer, says authID, is to “watch the destination. Did the image that arrived at the server, ready to be validated, originate from where it was supposed to? If it shows up without the right credentials, so to speak, it’s not valid. This means coordination of a kind between the front end and the back. The server side needs to know what the front end is sending, with a type of signature. In this way, the final payload comes with a star of approval, indicating its legitimate provenance.”

“The integrity of the originating device is also in play. Has the phone or desktop been compromised? Is there additional hardware plugged in that imperils the legitimacy of the image capture? Have software tools been employed to inject images into the camera itself without an actual picture being taken?”

The questions on deepfakes will keep coming, as the tech comes to saturate the online world. (We have already seen this with AI images and search.) Firms like Okta, Keyless and authID have their fingers on the pulse – but deepfakes will be everyone’s problem soon enough.

Article Topics

authID  |  biometrics  |  deepfake detection  |  deepfakes  |  fraud prevention  |  injection attacks  |  Keyless  |  Okta  |  synthetic identity fraud