As digital identity continues to evolve, the industry is reaching an inflection point where convenience, privacy, and trust must coexist. In his closing keynote at Authenticate 2025, Aware CEO Ajay Amlani explored the future of biometrics in a passwordless world, and why the key to digital trust lies not in credentials or devices, but in human identity itself.
The True Home of Identity Lives in People, Not Systems
Ajay began with a fundamental truth: identity lives in humans, not in credentials or systems. Biometrics are simply a translation layer, or a way to replicate the natural human process of recognizing and verifying one another.
From fingerprints to facial recognition, these physical traits have always been core to identity. Now, thanks to ubiquitous device sensors (the cameras and microphones on most smartphones) and a dramatic shift in consumer acceptance, biometrics are becoming the default way users prefer to verify themselves: securely, instantly, and without remembering a password.
From MFA to Passkeys: Rethinking Authentication Factors
Traditionally, multi-factor authentication (MFA) relied on three factors:
- What you know (a password or PIN)
- What you have (a device or token)
- Who you are (a biometric trait)
As Ajay noted, the first factor has failed us. Passwords have been compromised at scale, and AI has made it easier than ever to impersonate “who you are.” The future of authentication, especially within FIDO frameworks, lies in factors two and three, combining device possession with verified biometrics to create strong, phishing-resistant trust.
Device Biometrics vs. Account Biometrics: Not All Matches Are Equal
Many people assume that the face or fingerprint unlock on their phone is enough — but Ajay clarified the distinction:
- Device-based biometrics verify that you own the phone.
- Account-linked biometrics verify that you are the right user behind the account.
For enterprises and service providers, this distinction is critical. While consumer devices use biometrics as a convenience layer, true identity verification requires biometrics tied to a validated credential, such as a government-issued ID or employee record.
Ajay’s example from a global airline executive underscored the irony: even companies that are hesitant to “store biometrics” actually already do — every employee ID badge includes a name and face. The question isn’t whether to use biometrics; it’s whether failing to use them for verification has become irresponsible in a world of escalating identity fraud.
Why Biometrics Matter for a Passwordless Future
Passkeys represent a powerful evolution in authentication, but they don’t operate in a vacuum. Password managers and centralized key storage are already emerging as new targets for attackers. True security, particularly for high-value transactions, demands an additional assurance layer.
That’s where biometrics amplify the strength and usability of passkeys. As Ajay put it, passkeys prove device ownership, but biometrics plus liveness detection confirm the real, present, and right person behind the device — making authentication both more secure and more human.
Best Practices for Deploying Biometrics
For organizations integrating biometrics into authentication systems, Ajay outlined several best practices:
- Prioritize privacy and security: Store biometric data responsibly — ideally as encrypted, air-gapped representations, not raw images.
- Own your templates: Maintaining control over the biometric template ensures flexibility and avoids vendor lock-in.
- Use multimodal biometrics: Support for face, voice, and fingerprint enhances inclusivity and resilience.
- Adopt liveness detection: Certified liveness solutions (like Aware Intelligent Liveness) help prevent spoofing and deepfakes.
- Leverage privacy-enhancing tech: Techniques like sharding and tokenization strengthen protection and prevent biometric reconstruction.
Biometrics + Passkeys: The Next Phase of Digital Trust
The convergence of biometrics and passkeys marks the beginning of a new era in authentication, one where identity verification is seamless, secure, and deeply human.
As Ajay highlighted, the Awareness Platform incorporates multimodal biometrics, multi-party computation, and advanced encryption to enable the creation of irreversible biometric tokens that integrate directly into passkey frameworks. This approach not only enhances security but aligns with the privacy-by-design principles shaping the next generation of identity systems worldwide.
Looking Ahead: From Passwordless to Trustworthy
In a world moving rapidly toward agentic commerce and AI-driven interactions, identity must remain anchored to humans. Biometrics, when deployed responsibly, ensure that trust — the foundation of every transaction — stays where it belongs.
As Ajay concluded,
“Nothing is as trustworthy as a human identity. Biometrics don’t replace it, they reveal it.”