Nametag fights deepfakes with mobile-first identity tech
with Aaron Painter, Nametag
Nametag fights deepfakes with mobile-first identity tech
Show Notes
Aaron Painter is the CEO of Nametag, a mobile-first identity verification platform that helps enterprises verify, re-verify, and protect the identities of their employees and customers - particularly in high-risk moments like help desk calls, account lockouts, and new hire onboarding. Before Nametag, Aaron spent many years at Microsoft and has lived and worked in over 100 countries, including five and a half years in China. He is also the author of Loyal: Listen or You Always Lose, a book about the connection between employee listening, customer loyalty, and organizational performance.
Nametag was founded five years ago with a deceptively simple insight: despite the massive investment companies make in login security, the real vulnerability has always been the human at the help desk who resets accounts based on unverified claims. That gap - which predates deepfakes - has now become a critical attack surface as AI makes impersonation effortless and scalable. The company's breakthrough was discovering that mobile phones, because of their cryptographically secure hardware architecture, could power identity verification that is genuinely difficult to spoof - unlike desktop webcams, which were designed for convenience and have no equivalent security layer.
The Real Vulnerability Isn't Your Login System - It's Your Help Desk
Modern enterprise security stacks invest enormous resources in login infrastructure: MFA, SSO, hardware tokens, biometrics. But there is a persistent gap that no amount of authentication technology closes: the help desk. When an employee calls and says they're locked out, the help desk rep's job is to help them. That instinct - to be helpful - is exactly the vulnerability that social engineering exploits.
Before deepfakes, the attack was simple: find the answers to security questions through leaked data or public OSINT, call the help desk, answer the questions, get the account reset. Now, AI voice cloning and video deepfakes give attackers a convincing voice and face to go with the fabricated answers. The helpdesk rep who went into the business to help people is now involuntarily operating as an identity interrogator - and they are not equipped for that role. Aaron's observation is that this is fundamentally a human problem that technology had created and that technology would need to solve.
Why Mobile-First Identity Verification Works When Desktop Doesn't
The insight that drives Nametag's architecture is a hardware security distinction almost no one talks about: desktop webcams are not cryptographically wired into the device's trusted security modules. They were designed for convenience - video calls, photos - not for authentication. This means that when a deepfake is injected into a desktop video stream, the system receiving the feed has no reliable way to distinguish camera output from manipulated software output.
Modern mobile phone cameras, used correctly, are fundamentally different. They are physically connected to secure hardware modules, and the telemetry and cryptographic evidence collected from a mobile device can be verified as coming from an untampered source. To deploy a deepfake against a mobile-native identity verification flow, the attacker would need to compromise the hardware itself - a dramatically higher bar than intercepting a desktop webcam stream. This is why Nametag built the entire product around the mobile experience and uses App Clips (iOS) and Instant Apps (Android) - native mini-applications delivered without an app store download - to ensure evidence collection happens inside a trusted, unmodifiable environment.
The Product Suite: From Help Desk to Hiring to Re-Verification
Nametag started with a help desk tool: when an employee calls claiming to be locked out, the rep sends a one-off verification link. The employee completes identity verification on their phone - scanning a government ID and taking a secure selfie - and the rep receives confirmation before resetting access. This removed the social engineering attack surface and, as a side effect, made the interaction dramatically less awkward for both parties. The help desk rep could focus on helping rather than interrogating.
The product expanded from there. Over half of enterprise support tickets are account lockout requests, so Nametag built a self-service recovery flow: employees go to a page, click “I'm locked out,” verify via Nametag, and the system automatically resets their access through integrations with Okta, Cisco Duo, Microsoft Entra, and other identity platforms - no human help desk interaction required. Most recently, Q4 2024 brought a surge of customers reporting a different threat: suspected fake hires, including North Korean operatives who had obtained valid Social Security numbers through data breaches, passed background checks, gotten hired remotely, and were being provisioned into corporate networks. Nametag launched an employee onboarding verification product in January 2025 to close that entry point.
The North Korean Fake Hire Problem
One of the most striking threats Aaron describes is not science fiction - it is something Nametag's enterprise customers are actively dealing with right now. North Korean operatives and affiliated actors are applying for remote jobs at scale, using valid Social Security numbers obtained through data breaches to pass background checks, and getting hired. The typical new hire onboarding flow - receive an email, click a link, set up your password, configure your MFA - provides no mechanism to verify that the person following those instructions is the same person who interviewed for the role.
Once provisioned, these actors have legitimate access to corporate networks and data. Aaron notes that this threat vector, which spiked significantly in late 2024, is wildly more common than most organizations realize. Nametag's solution is simple in concept: verify identity before provisioning access, not after. The same technology that re-verifies an employee calling the help desk can verify a new hire at the moment of onboarding, closing the gap between “we hired this person” and “we gave this person network access.”
Reusable Identity: The Patent That Changes the Economics
Traditional identity verification is expensive because every verification is a new event: scan the ID, take the selfie, process the document. Nametag's patented re-verification capability changes this. Once a person completes the full initial verification - government ID plus the secure spatial selfie captured on mobile - subsequent verifications can be completed with just a new selfie, compared biometrically against the earlier verified selfies and back to the government-issued ID.
The distinction from Face ID is important: Face ID on an iPhone verifies that you are the same face that enrolled the device, but it has no idea whose face that is. Nametag's re-verification connects the face to a specific person with a specific identity - the employee, the account holder, the individual who originally verified with their government ID. The pricing model reflects this: Nametag licenses per employee, similar to how companies license MFA, because the cost per re-verification event is low enough to make per-event pricing unnecessary.
Trust as the Scarcest Resource in the Virtual World
Aaron's larger concern - the one he returns to throughout the conversation - is the collapse of trust as a social resource. Every survey measuring trust in government, companies, and each other shows it declining. At the same time, the virtual world increasingly depends on trust: remote work, online commerce, digital services, distributed teams. The tools that enable this world are also, through deepfakes and AI impersonation, making it systematically harder to know who you are actually dealing with.
His book Loyal operates on a related insight in the organizational context: when employees feel genuinely listened to, that experience of being heard cascades into how they treat customers, creating virtuous loyalty cycles. The underlying principle - that trust is the foundation of all productive human interaction - runs through both the book and the product. Nametag's mission is not really about cybersecurity in the narrow sense; it is about preserving the conditions under which human progress through collaboration is possible.
Tools & Resources Mentioned
- Nametag - Mobile-first identity verification; getnametag.com. Integrates with Okta, Cisco Duo, Microsoft Entra. Clients include HubSpot, Autodesk, and Network Solutions.
- Whisper Flow - Aaron's favorite AI productivity tool; desktop voice dictation powered by OpenAI's Whisper model. Dramatically better than Siri for replying to emails and Slack messages by voice.
- Apple App Clips / Android Instant Apps - Nametag's delivery mechanism; native mini-apps with full app-level security, delivered without an app store download. Enables tamper-resistant evidence collection.
- Google Veo 3 - Released the day before recording; Aaron notes video generation has reached near-cinematic quality, dramatically raising the deepfake threat level.
- GitHub Copilot - Referenced as one of the most widespread and underappreciated enterprise AI adoption cases; fundamentally changing software development productivity.
- Loyal: Listen or You Always Lose by Aaron Painter - Book on the connection between employee listening, customer loyalty, and organizational performance.
- Okta / Cisco Duo / Microsoft Entra - Identity platform integrations Nametag wraps to add verified identity to existing enterprise stacks.
Frameworks
The Help Desk as the Weakest Link
Enterprise security invests in login systems while leaving the account recovery process - where a human must make a trust judgment under social pressure - largely unprotected. Social engineering exploits exactly this gap. Security architecture must account for human interaction points, not just authentication technology.
Mobile Hardware as a Security Boundary
Desktop webcams have no cryptographic connection to hardware security modules and can be intercepted by deepfake software. Mobile phone cameras, used correctly, are connected to trusted hardware and produce evidence that can be verified as untampered. The mobile-first design choice is a security decision, not a UX decision.
Reusable Identity vs. Repeated Verification
One-time identity verification (scan ID + selfie) is expensive and creates friction. Re-verification against a verified baseline (new selfie vs. prior verified selfies vs. government ID) amortizes that cost across unlimited future interactions. The economics shift from per-event to per-person, enabling frequent verification without friction.
L.O.Y.A.L. - Listen or You Always Lose
Employees who feel genuinely heard carry that experience into how they engage with customers, creating virtuous loyalty cycles. Listening is not a soft management practice - it is a business performance driver. The same principle applies to product development: organizations that listen to users build products that earn loyalty.
FAQ
What problem does Nametag solve?
Nametag solves the identity verification gap in account recovery and access provisioning. When an employee calls the help desk claiming to be locked out, or when a new hire is being given corporate network access, there is typically no reliable way to confirm they are who they say they are. Nametag provides mobile-native identity verification that is resistant to deepfake attacks and connects directly to enterprise identity platforms like Okta, Cisco Duo, and Microsoft Entra.
Why is mobile-first important for identity verification?
Desktop webcams were designed for convenience, not security - they have no cryptographic connection to hardware security modules and can be intercepted by deepfake injection software. Mobile phone cameras are connected to secure hardware, and evidence collected through Nametag's App Clip or Instant App can be verified as coming from an untampered source. This makes deepfake attacks dramatically harder to execute.
What is the North Korean fake hire threat?
Operatives (primarily from North Korea) obtain valid Social Security numbers through data breaches, apply for remote jobs, pass background checks, complete remote interviews (sometimes using AI or hired proxies), get hired, and are then provisioned into corporate networks. Nametag's onboarding verification product, launched January 2025, verifies that the person being provisioned is the same person who was hired.
How is Nametag priced?
Per employee/user - similar to how companies license MFA. The company licenses based on the number of humans in the organization rather than per verification event, because reusable identity makes subsequent re-verifications low-cost enough to bundle into the per-person fee.
What is the user experience like for employees?
Very simple: click a link or scan a QR code, which opens an App Clip (iOS) or Instant App (Android) - a native mini-application with full app-level security that doesn't require an app store download. The user scans their ID and takes a selfie. Subsequent re-verifications require only a new selfie. The experience feels like a native part of the phone OS.
What is Whisper Flow and why does Aaron recommend it?
Whisper Flow is a desktop voice dictation tool powered by OpenAI's Whisper model. Aaron uses it to reply to emails and Slack messages by voice - describing it as what Siri should have been. It dramatically reduces the time between knowing what you want to say and having it written, and supports multilingual dictation.