Deepfakes in 2026: What’s Real, What’s Hype?

1 September 2025

Deepfakes have come a long way. From political hoaxes to job interview scams, synthetic video and audio are already being used to trick ID verification systems around the world.
In 2025, we saw reports of North Korean operatives using deepfakes to pass remote job interviews. And according to the World Economic Forum, over 40% of companies faced a deepfake-related threat last year.
But how much of this applies to authentication?
Right now, the biggest impact is on identity verification (IDV), especially video-based onboarding. Fraudsters can replay videos, inject manipulated footage, or spoof interviewers in real-time.
But authentication is harder to crack.
To fool a biometric authentication system at scale, fraudsters would need to:
  • Recreate a person’s face convincingly.
  • Inject the fake into the camera feed.
  • Bypass device-level security checks.
That’s a high bar. And there are still easier ways to break in, like phishing SMS OTPs or re-registering FaceID on a stolen phone.
But deepfakes are evolving. And in the next 1-2 years, the risk to authentication will grow. That’s why organizations need to prepare now.
Our 2026 report outlines three layers of defense every biometric system, both verification and authentication, must have:
  • Presentation attack detection: spotting replayed or manipulated media.
  • Injection attack protection: blocking tools that fake the device feed.
  • Device + face verification: requiring both for authentication.
Keyless already deploys all three, including passive liveness detection and certified injection attack resistance.
Deepfakes might not be the main threat to authentication, but in 2026 they will begin to be.
Don’t miss our full analysis in The State of Authentication 2026, launching this October. The State of Authentication 2026 report will cover the five key forces reshaping authentication in the year ahead.
  • Stricter privacy and biometric compliance laws – and why decentralized biometrics are emerging as the only viable long-term solution.
  • Digital identity wallets – and how they’re set to replace traditional KYC and recovery flows.
  • The collision of IPR and PSD3 – and what it means for fraud, liability, and real-time authentication.
  • The evolving deepfake threat – and how organizations can future-proof their biometric systems today.
  • The limitations of passkeys – and why they’re not enough for high-risk scenarios.
Read Next
Blog
Authentication vs Authorization: What’s the Difference and Why it Matters
In this blog, we’ll break down authentication vs authorization in simple terms, explain why both are essential, and show how Keyless handles authentication in a more secure and private way.
Read Now
Blog
Phishing-Resistant MFA: What It Is and Why You Need It
In this blog, we’ll explain what phishing-resistant MFA is, why it’s essential for securing accounts and preventing breaches, and how businesses can implement it to protect both users and sensitive data.
Read Now
Blog
Passkeys Are Here to Stay. But Don’t Bet Everything on Them
Passkeys improve UX but struggle in high-risk scenarios like recovery or large transactions. Where do biometrics fit in? Read our preview blog ahead of the publication of the 2026 Authentication Trends Report.
Read Now
Consumer SolutionsWorkforce SolutionsTechnologyIndustriesResourcesCompanySupport Center
PSD2/SCA CompliantPSD2/SCA Compliant
GDPR CompliantGDPR Compliant
CCPA CompliantCCPA Compliant
FIDO2 CertifiedFIDO2 Certified
FIDO Biometrics CertifiedFIDO Biometrics Certified
ISO 27001 CertifiedISO 27001 Certified
ISO 9001 CertifiedISO 9001 Certified
ISO/IEC 30107-3 CertifiedISO/IEC 30107-3 Certified
NIST AccreditedNIST Accredited
eIDAS Module CertifiedeIDAS Module Certified
© 2025 Keyless. All rights reserved.
Cookie Settings