Deepfakes in 2026: What’s Real, What’s Hype?
1 September 2025
Deepfakes in 2026: What’s Real, What’s Hype?
1 September 2025
Deepfakes have come a long way. From political hoaxes to job interview scams, synthetic video and audio are already being used to trick ID verification systems around the world.
In 2025, we saw reports of North Korean operatives using deepfakes to pass remote job interviews. And according to the World Economic Forum, over 40% of companies faced a deepfake-related threat last year.
But how much of this applies to authentication?
Right now, the biggest impact is on identity verification (IDV), especially video-based onboarding. Fraudsters can replay videos, inject manipulated footage, or spoof interviewers in real-time.
But authentication is harder to crack.
To fool a biometric authentication system at scale, fraudsters would need to:
- Recreate a person’s face convincingly.
- Inject the fake into the camera feed.
- Bypass device-level security checks.
That’s a high bar. And there are still easier ways to break in, like phishing SMS OTPs or re-registering FaceID on a stolen phone.
But deepfakes are evolving. And in the next 1-2 years, the risk to authentication will grow. That’s why organizations need to prepare now.
Our 2026 report outlines three layers of defense every biometric system, both verification and authentication, must have:
- Presentation attack detection: spotting replayed or manipulated media.
- Injection attack protection: blocking tools that fake the device feed.
- Device + face verification: requiring both for authentication.
Keyless already deploys all three, including passive liveness detection and certified injection attack resistance.
Deepfakes might not be the main threat to authentication, but in 2026 they will begin to be.
Don’t miss our full analysis in The State of Authentication 2026, launching this October. The State of Authentication 2026 report will cover the five key forces reshaping authentication in the year ahead.
- Stricter privacy and biometric compliance laws – and why decentralized biometrics are emerging as the only viable long-term solution.
- Digital identity wallets – and how they’re set to replace traditional KYC and recovery flows.
- The collision of IPR and PSD3 – and what it means for fraud, liability, and real-time authentication.
- The evolving deepfake threat – and how organizations can future-proof their biometric systems today.
- The limitations of passkeys – and why they’re not enough for high-risk scenarios.
Read Next
Blog
Passkeys Are Here to Stay. But Don’t Bet Everything on Them
In this blog, we’ll explain what phishing-resistant MFA is, why it’s essential for securing accounts and preventing breaches, and how businesses can implement it to protect both users and sensitive data.Read Now
Blog
Passkeys Are Here to Stay. But Don’t Bet Everything on Them
Passkeys improve UX but struggle in high-risk scenarios like recovery or large transactions. Where do biometrics fit in? Read our preview blog ahead of the publication of the 2026 Authentication Trends Report.Read Now
Blog
IPR + PSD3 Combined: A Perfect Storm for European PSPs
Instant payments in <10 seconds and new liability for scams under PSD3 will reshape the European payments landscape in 2026. Where does this leave authentication? Read our preview blog ahead of the publication of the 2026 Authentication Trends Report.Read Now
Consumer Solutions
Workforce Solutions
PSD2/SCA Compliant
GDPR Compliant
CCPA Compliant
FIDO2 Certified
FIDO Biometrics Certified
ISO 27001 Certified
ISO 9001 Certified
ISO/IEC 30107-3 Certified
NIST Accredited
eIDAS Module Certified