Account takeover (ATO) strategies are evolving as 75% of consumers now use passkeys, making traditional credential stuffing less effective. Attackers are shifting their focus to identity verification processes, which remain less secure, as outlined in the 2026 Veriff reports.
Account takeover (ATO) has traditionally relied on automated credential stuffing attacks, which are becoming less effective as security improves. With passkeys adopted by a majority of users, the methods for gaining unauthorized access must now adapt.
As reported by the FIDO Alliance, 75% of global consumers have enabled passkeys for at least one account, and 68% of companies are using or testing passkeys for employee access. This trend indicates a significant shift toward passwordless authentication, which reduces the value of stolen passwords.
As attackers find it more difficult to exploit primary login methods, the focus has shifted to identity verification layers that still depend on user input. This includes account recovery and step-up verification processes, which have become opportunities for fraud.
Generative AI is making impersonation fraud more prevalent and convincing. According to Veriff's Identity Fraud Report 2026, digitally altered media is now 300% more likely to be encountered, contributing to a 4.18% rate of fraudulent verification attempts.
β¨ This summary was generated by AI from the outlets' reporting listed below. It is not independently verified and may contain errors β check the original sources. How BrevFeed works β
Account takeover (ATO) strategies are evolving as 75% of consumers now use passkeys, making traditional credential stuffing less effective. Attackers are shifting their focus to identity verification processes, which remain less secure, as outlined in the 2026 Veriff reports.