Identity verification shifts in 2025 and what they mean for business and consumers [Q&A]
Generative AI is already defeating traditional identity verification (IDV) methods like knowledge-based authentication, 2FA, and more.
This shift is likely to see the acceleration of new forms of IDV in 2025 that place a greater emphasis on ensuring they're both more secure and easy for people to use. This will result in a convergence of customer identity and access management (CIAM) which essentially gives customers more control over their identity and verification.
We talked to Anna Pobletts, head of passwordless at 1Password, to find out more about these developments.
BN: How is AI changing traditional identity verification methods, such as knowledge-based authentication and 2FA, and what does this mean for the future of IDV?
AP: AI continues to challenge traditional IDV methods like knowledge-based authentication (KBA) and two-factor authentication (2FA), particularly through the rise of quality deepfakes. With deepfake technology becoming increasingly sophisticated and affordable, it is easier to create highly realistic fake images, undermining the reliability of mobile document uploads and selfies as verification tools. In addition, AI has made it trivial to create even more realistic phishing emails that can be used to steal passwords. These advancements diminish trust in conventional IDV systems, and open the door for attackers to replicate visual identity elements with little effort or expense, increasing vulnerability to fraud.
As a result, the IDV ecosystem will start to transition toward more secure, cryptographically reliable technologies by 2025. Emerging solutions, such as verifiable digital credentials (VDCs) and mobile driver's licenses (MDLs), are expected to become the standard over the next few years, offering tamper-proof verification through cryptographic proofs.
These advanced systems will be resistant to deepfakes and other AI-driven threats, providing stronger protection for digital identities and ensuring greater security as AI technology continues to evolve.
BN: How will the user experience of AI-powered IDV change over the next year? What potential risks may arise?
AP: Over the next year, I expect the user experience of AI-resistent IDV to be more important than AI-powered IDV. While AI tools may be used to detect deepfakes or other forms of fraud, this will likely evolve into a constant 'cat and mouse' game, where AI systems are continually trying to outpace one another. As a result, the real breakthrough in IDV will come from leveraging cryptographic technologies that AI cannot easily undermine, offering users more reliable and secure alternatives to traditional methods.
By storing digital credentials securely, in offerings such as 1Password or Apple Wallet, users streamline the ability to prove ownership of their identities through a simple device swipe or tap. This frictionless, secure process improves convenience, but also reduces the vulnerabilities inherent in traditional verification methods.
BN: What can organizations do to ensure these methods are both secure and simple for users to adopt?
AP: Generative AI is already defeating traditional IDV methods like knowledge-based authentication, 2FA and more. In response to this shift, we’ll see the acceleration of new forms of IDV in 2025 that place a greater emphasis on ensuring these new methods are both more secure and easy for people to use.
To ensure both security and simplicity in IDV, organizations should adopt a standards-based approach. Standards like VDCs and MDLs were specifically designed by experts to balance security, privacy and user experience. VDCs and MDLs are built to protect against identity theft and fraud. Individuals need to trust their personal information is protected and secure. When users encounter the same secure, seamless verification processes, it improves trust and simplifies the adoption of this technology.
By integrating these established standards, organizations can provide secure, tamper-proof verification methods that users can trust.
BN: As customer identity and access management converges with identity verification methods, how will customers' control over their identities evolve in 2025?
AP: As customer identity and access management (CIAM) converges with identity verification methods in 2025, customers will experience greater control over their personal data. One of the most exciting features of VDCs is that they allow individuals to selectively share only the necessary information with services. Unlike traditional IDV methods, where users often have to upload sensitive documents like a driver’s license, VDCs enable users to prove specific attributes, such as residency, without disclosing sensitive details like their address or date of birth.
In addition, while the future of access management is changing, simply securing customers’ managed applications is no longer enough.
BN: What will the future of multi-factor authentication look like? Where do passkeys fit into this future?
AP: In 2025, MFA will be more crucial than ever as AI-driven phishing attacks continue to evolve. These attacks have become increasingly complex, with phishing emails now tailored to specific individuals, making them more successful. Additionally, traditional security questions are becoming weaker, leaving accounts vulnerable. Businesses must extend beyond traditional IAM to also secure unmanaged applications and devices that have become integral to the way we work today.
Strong MFA solutions, particularly passkeys, will play a pivotal role in ensuring both quick and secure logins. Passkeys eliminate the need for passwords altogether, providing a reliable, strong barrier against these advanced phishing attempts, reducing the risk of credential theft.
The combination of IDV and passkeys offers a promising future to protect trusted identities and login credentials against evolving AI attackers. This evolution will lead to a more seamless, secure user experience while maintaining high levels of protection, making it significantly harder for malicious actors to compromise accounts, even with the advancements in AI-based threats.
Image credit: IgorVetushko/depositphotos.com