Source: Carlos Castilla via Alamy Stock Photo
Just about everyone is familiar with the annoying process of becoming locked out of an account and needing to reset a password. Whether it's forgetting a log-in after months of disuse or being forced to prove your identity to regain access, the experience can be frustrating, time-consuming, and — ironically — less secure than the original authentication process.
"People lose their credentials all the time. Resetting passwords is manual and often less secure than the regular process," says Bruce Schneier, who recently joined the advisory board of Nametag, which focuses on challenges such as artificial intelligence (AI) manipulated documents and remote user verification. The need for robust identity verification (IDV) solutions has become one of the most pressing challenges for organizations today, he says.
One of the biggest security challenges enterprises have to deal with is to reliably verify who someone is, especially in a digital world. Attackers are increasingly exploiting weak identity systems to steal credentials, impersonate users, and gain access to sensitive data. Recent advances in cyber threats, including AI-driven deepfakes and credential theft, have outpaced many legacy verification methods.
"Identification answers, 'Who are you?' Authentication says, 'Prove it,' and authorization tells us, 'What can you do?'" Schneier says, noting that identity verification sits at the intersection of people, technology, and trust.
While authentication systems like two-factor verification can confirm credentials, they often fail to answer the bigger question of identity. For example, traditional systems, such as passwords, scanned documents, or biometric authenticators, can be vulnerable to fraud and tampering. Schneier notes that early fingerprint scanners could be fooled with "gummy finger replicas," and face recognition systems could be tricked with simple photographs.
These weaknesses underscore the more pervasive challenge of bridging what Schneier calls the "keyboard-to-chair" gap — ensuring that the physical person matches their digital credentials. These days, adversaries are adopting increasingly sophisticated techniques to steal credentials in an attempt to get between the keyboard and the chair.
Deepfake technology has introduced a new layer of concern, where AI-generated images or videos can mimic biometric data convincingly. The result is a growing risk landscape where IDV failures fuel financial fraud, ransomware attacks, and nation-state cyber-espionage.
Beyond the security risks, weak identity verification comes with significant costs for organizations. Credential loss and resets remain one of the largest IT burdens for businesses, consuming time and resources. Onboarding new users poses similar challenges, especially for enterprises needing to verify employees, customers, or partners at scale. Inefficient IDV systems result in delays, poor user experience, and a reliance on insecure methods, like manually uploading identification documents.
Any solution to identity verification must address these emerging threats head-on, Schneier says.
"This will be an arms race between attackers and defenders," he adds.
What Makes Modern IDV Different?
IDV companies like Nametag are focused on balancing robust security, scalability, and usability while keeping pace with the increasingly sophisticated tools used by threat actors, Schneir says. Modern solutions incorporate multiple layers of verification to address emerging threats. For example, Nametag's Deepfake Defense technology detects and blocks AI-generated identity documents and advanced injection attacks — both of which have become critical pain points as deepfakes and synthetic media evolve.
Traditional methods also typically require users to manually upload identification documents, creating friction and vulnerabilities that adversaries can exploit. Requiring users to download additional apps or software to verify their identity is a common deterrent to adoption, Schneier says.
In addition to thwarting sophisticated attacks, modern IDV systems can streamline practical use cases for enterprises, including automating credential recovery processes, onboarding new employees or customers, and verifying users for sensitive transactions or account access.
“This to me solves a corporate pain problem — and that's the cost of regenerating people's credentials when they lose them or onboarding new users," Schneier says. "It's better, faster, and more secure.”