Identity verification and authentication are about making sure the person who starts, continues, and completes an assessment is the person the result belongs to. In AI-enabled assessment, the issue goes beyond login to include biometrics, device assurance, fraud prevention, and continuous checks during a session. These controls can reduce impersonation and misuse, but they do not by themselves prove that the assessment evidence is valid, independent, or fairly produced. The main question for assessment teams is not only whether identity can be checked, but whether the chosen control is proportionate, accessible, and defensible for the stakes involved.

Identity verification and authentication in assessment are about proving that the person who starts, continues, and completes a task is the person the result is meant to belong to. In AI-enabled assessment settings, this is not just a login or invigilation issue. It can also involve biometrics, device assurance, fraud prevention, continuous authentication, and decisions about how much trust to place in vendor-led identity controls.

Assessment leaders need to know whether identity controls improve assurance without creating new fairness, privacy, accessibility, or operational risks. If an assessment body relies on AI-led identity checks, it still needs to explain what was verified, what error rates are acceptable, and how a candidate can challenge a false rejection. That matters especially where results have regulatory, professional, or employment consequences.

- **Identity assurance**: confidence that the candidate is who they claim to be. - **Authentication**: the mechanism used to confirm or re-confirm identity during a session. - **Biometrics**: identity checks using facial, voice, behavioural, or similar signals. - **Continuous authentication**: repeated checks during the assessment rather than a single login event. - **Assessment validity**: whether the evidence collected is actually the evidence needed for the decision. A system can be strong on authentication and still add little to the quality of the assessment decision itself. Identity assurance and validity are related, but they are not the same problem.

The source set points to a clear market need for identity assurance in remote and AI-enabled assessment. Supplier material consistently frames identity verification as part of a wider security stack, alongside proctoring and fraud prevention. The assessment implication is straightforward: tighter authentication can reduce impersonation and session misuse. There is also broad practical agreement that identity checks alone do not prove authentic, independent, or fairly produced work. The deeper assessment issue is not just “who is the person?” but whether the assessment design actually needs identity assurance to support its validity claim.

The main uncertainty is not whether identity controls can be useful, but how far they should go and what evidence is sufficient. The current source set is still mostly supplier-authored material, so it signals product direction more strongly than it resolves questions about error rates, bias, accessibility, and proportionality. Open questions remain about whether biometric and continuous authentication tools are reliable enough across different candidate populations and stakes, and whether they create new barriers for candidates who cannot easily use them. The field still needs more independent studies and regulator guidance on when such controls are proportionate in assessment settings.

- False rejections that block legitimate candidates. - Privacy and data-governance risks, especially where biometrics are used. - Accessibility risks for candidates whose circumstances make identity checks difficult. - Over-reliance on identity tools as a substitute for stronger assessment design. - Procurement risk if vendor claims are treated as validation evidence. - Operational fragility if the identity system fails during a live assessment.

Assessment teams should separate three questions clearly: 1. **Who is the person?** That is the identity problem. 2. **What are they allowed to do?** That is the access and control problem. 3. **What evidence does the assessment actually need?** That is the validity problem. Useful evaluation questions include: - Is identity verification being used to reduce impersonation, device misuse, or both? - What evidence shows the method works for the intended candidate population and stakes? - How are false rejections, privacy, accessibility, and appeal routes handled? - Does the control improve assessment trust, or mainly make fraud harder? - What happens when the identity system fails but the assessment must continue? - If biometrics are used, what are the legal, ethical, and data-governance implications?

### 1. Basic login controls Best where the main need is simple access control and the stakes do not justify heavier assurance. These are low-friction, but they do little to address impersonation after login. ### 2. Identity verification at point of entry Useful where a provider needs more confidence about who begins the assessment. This can strengthen assurance without introducing continuous monitoring, but it may still miss mid-session misuse. ### 3. Continuous or biometric authentication Most relevant where the risk of impersonation or substitution is high and the stakes justify added friction. This gives stronger assurance, but it also raises the biggest questions about false rejects, accessibility, privacy, and proportionality.

A professional certification body moving an exam online decides that a single password is too weak for a high-stakes result. It adds identity checks at sign-in and a secondary challenge for suspicious sessions, but does not assume that this alone makes the assessment secure. The team still reviews task design, appeal routes, and contingency plans for candidates who fail the identity check for non-fraud reasons.

The supplier landscape is active and expanding. TypingDNA, Verif-y, DigiProctor, and Talview all present identity verification as part of a wider exam-security stack, using AI, biometrics, or facial recognition to strengthen confidence in who is taking the assessment. This is a useful market signal, but it remains supplier-authored material rather than independent validation.

### How is identity verification different from assessment validity? Identity verification can strengthen confidence about who took the assessment, but it does not by itself prove that the assessment evidence is valid, independent, or fair. ### Can AI-based authentication reduce cheating? It can make impersonation and some forms of session misuse harder. It should still be treated as one control within a broader assessment-security design, not as a complete solution. ### What should assessment teams ask before using biometrics in exams? They should ask about accuracy, false rejections, privacy, accessibility, appeal routes, and whether the control is proportionate to the stakes.

Tim Burnett (Admin)

Test Community Network. "Identity verification and authentication." TCN AI & Assessment Wiki. Last reviewed 2026-04-22. https://www.testcommunity.network/wiki/identity-verification-and-authentication.html

- TypingDNA website. - Verif-y website. - DigiProctor website. - Talview website.