Countering deepfakes: 5 best practices to follow

With deepfake and spoofing attacks becoming more frequent, how to protect organizations against these attacks has become important for end users. This article looks at some of the best practices that can effectively help users counter deepfake and spoofing threats.
 

Use multifactor authentication

 
Since deepfake and spoofing attacks use faked face, voice or other biometric identities, it’s advisable that users deploy multifactor authentication (MFA) where the “what you have” and “what you know” factors are also employed.
 
“MFA is essential for securing highly restricted areas. The most common method now is a combination of mobile access and biometrics. Suprema supports the industry’s most extensive range of multi-credential options, including facial authentication, fingerprint recognition, mobile access, QR code, barcode, PIN, and RFID. Implementing MFA with Suprema's diverse options provides a higher level of protection for high-security areas,” said Hanchul Kim, CEO of Suprema. “Suprema offers strong biometric performance and robust mobile solutions, allowing users to use their smartphones as keys to access doors in combination with additional authentication methods.”
 

Choose systems with liveness detection

 
It’s important that users choose access control solutions that have anti-spoofing and anti-deepfake capabilities, such as liveness detection which ensures that the subject is live, not a video or mask. In fact, liveness detection is already a standard feature in a variety of biometrics solutions. Together, liveness detection and other anti-spoofing capabilities can help counter deepfake threats for end users in various vertical markets, especially ones that are more critical in nature.
 
“High-assurance environments – such as critical infrastructure, government, banking, defense, and aviation – have the most to gain. In these sectors, a single spoofed credential could compromise operations at scale. Strong spoof mitigation is also crucial in remote identity proofing for eKYC and digital onboarding, where there’s no physical oversight. Essentially, any sector that values integrity of access and identity validation stands to benefit,” said Alex Tan, Region Sales Head for ASEAN and East Asia at IDEMIA.
 
“Sectors like banking, government, healthcare, critical infrastructure, and corporate R&D face the highest risk. These industries are not only targeted more frequently – they also face stricter regulations and house more valuable assets. For example, banks are already seeing AI voice clones used to bypass phone-based verification. Governments face nation-state threats that involve biometric impersonation. Healthcare institutions risk patient data exposure through spoofed staff logins. Each of these verticals benefits from customized solutions – whether it's vein biometrics for secure facility access, voice spoof detection for call centers, or dynamic facial recognition for remote identity verification,” said Kumar Ritesh, Founder and CEO of CYFIRMA.
 

Update firmware

 
Better defense against deepfakes and spoofing can also be achieved through updates to the firmware, the low-level software that controls the hardware of a device. New firmware can include updated anti-spoofing algorisms to detect deepfake or spoofing attempts. Further, some modern biometrics systems use embedded AI models, which can be updated through firmware upgrades. Finally, firmware upgrades can patch security vulnerabilities that may be exploited by attackers, who can for example inject spoofed data into the system.
 

Monitor, train and audit

 
It’s also important to constantly monitor access logs to flag unusual access patterns or suspicious access control attempts. Training staff and users to recognize signs of identity fraud or synthetic impersonation is also key – human vigilance complements technology, especially in spotting social engineering. Finally, auditing system performance regularly is also crucial. “It’s important to regularly audit biometric systems to test their resilience against spoofing attacks and stay updated on emerging threats,” said Francesco Cavalli, Co-Founder, COO and Head of Threat Intelligence at Sensity AI.
 

Choose reputable vendors

 
Finally, it’s important to use access control solutions from reputable vendors who actively invest in cutting-edge anti-deepfake technologies based on AI and machine learning, regularly update their models in keeping with the latest deepfake generation methods, and have proven track records in countering deepfake/spoofing attacks. “For high security deployments and where security is non-negotiable, seek trusted brands that uses government grade algorithms in its authentication architecture,” Tan said.