You’ve Never Met Them. You’re Giving Them Access to Everything.
of UK workers now work remotely at least part-time
lost in a single deepfake video call (Arup, 2024)
to verify with Certifyd
The reality of remote workers in the UK.
Identity verification for remote workers has become critical as deepfakes and AI-generated personas make visual verification unreliable. Certifyd uses bi-directional, device-bound authentication — both parties cryptographically prove their identity to each other in real time. Unlike video calls (where faces can be synthesised) or document checks (where PDFs can be forged), Certifyd verification is bound to a physical device through WebAuthn passkeys. You cannot deepfake a passkey. The result is cryptographic proof that the person on the other end of the connection is who they claim to be.
Remote and hybrid work has become the norm for millions of UK workers. 44% of the UK workforce now works remotely at least part-time. This means companies routinely grant system access, credentials, and sensitive information to people they have never met in person. The onboarding process for remote workers typically involves a video call and a document check — neither of which is proof against modern impersonation techniques.
Deepfakes have moved from theoretical risk to operational reality. In early 2024, engineering firm Arup lost £20 million after an employee was deceived by a deepfake video call that impersonated the company’s CFO and other executives. AI-generated candidates are appearing in recruitment processes, and voice cloning technology can now replicate a person’s voice from a few seconds of audio. Visual and audio verification are no longer reliable.
Device-bound authentication solves this problem at the protocol level. A Certifyd passkey is cryptographically bound to the worker’s physical device — it cannot be cloned, transferred, or synthesised. When a remote worker verifies through Certifyd, they prove their identity through a challenge-response that only their physical device can complete. No video, no voice, no documents — just cryptographic proof that the person is who they claim to be.
This is broken.
Here's why.
Remote workers are onboarded through video calls and document checks — both vulnerable to deepfakes.
AI-generated candidates are appearing in recruitment processes, passing initial screening rounds.
Companies grant system access and credentials to people they have never met in person.
Voice cloning and video synthesis make traditional identity verification methods unreliable.
Simple verification.
Every time.
Remote worker is asked to verify — both parties open Certifyd on their registered devices
Each person’s identity is cryptographically verified through their device-bound passkey — no video or voice needed
The system confirms the worker’s active membership with their employer and their role authorisation
A tamper-proof record is created: who verified, when, and under whose organisational authority
Ready to see it in action?
Book a demo or tell us about your needs.
“The amount of CVs that people like me are getting every day that say one thing, you challenge, and it falls apart. It’s ridiculous.”— Director, cybersecurity recruitment firm
Common questions.
Yes. Certifyd verification is device-bound, not appearance-bound. A deepfake can synthesise a person’s face and voice, but it cannot complete a cryptographic challenge on the real person’s registered device. When a remote worker verifies through Certifyd, they prove their identity through a passkey that is physically bound to their device — a device that an impersonator does not possess. This is fundamentally different from video-based verification.
During onboarding, the remote worker registers their device with Certifyd, creating a cryptographic key pair bound to that device. Their employer adds them as a member with a defined role. From that point forward, any verification request can only be completed by that specific device — proving the person is who they claim to be, regardless of where they are. This replaces the ‘show me your passport on Zoom’ approach with cryptographic proof.
Certifyd works the same way regardless of location. A hybrid worker verifies through their device-bound passkey whether they’re at home, in the office, at a client site, or in a coffee shop. The verification record captures the context (time, identity, organisational membership) without requiring physical presence. The same system that verifies a remote worker on a video call verifies them at the office entrance.
SSO and 2FA verify that someone can access an account — they don’t verify who that someone is. If a person’s credentials are compromised, 2FA protects the account but doesn’t prove the person using the credentials is the legitimate owner. Certifyd adds identity verification to the mix: it confirms not just that the right credentials were used, but that the person using them is cryptographically verified as the person they claim to be. It’s identity, not just access.
Explore more use cases.
Related Solutions
Related Reading
External Resources
Verify remote workers before granting access
Book a demo to see how Certifyd works for your team, or tell us about your verification needs and we'll get back to you within 24 hours.
Read: The Arup Deepfake Attack