Remote assessment has matured considerably as a delivery format, and the identity verification frameworks that sit beneath it have matured alongside it. Institutions can now confirm, with reasonable confidence, that the person who opens an exam is who they say they are. That is a genuine achievement. The more interesting question, and the one with the most practical implications for assessment design, is what happens after that confirmation is made.
A Useful Finding From the Research
Six students were asked to cheat during a remote exam. The proctoring software, designed specifically to catch this, flagged none of them. A human reviewing the same recordings afterwards caught one.
That result, from a controlled study cited in a 2024 review of AI in educational measurement, is worth sitting with for a moment. It did not find that proctoring software is without value. It found something narrower and more instructive: that the systems institutions rely on to confirm who is sitting an exam, and what they are doing during it, can perform differently across the two parts of that job. Confirming identity at login is something these systems do well. Maintaining that assurance across the full duration of a session is a harder problem, and one the profession is actively working to solve.
The Front Door Is Well Managed. The Rest of the Journey Deserves Attention Too.
Most identity verification in remote exams is front loaded. A student uploads a photo ID, takes a selfie, perhaps completes a short liveness check, and the system confirms a match. This happens once, typically in the first few minutes. From that point on, for the next one, two, sometimes three hours, the assumption is that the person behind the camera remains the person who was verified at the start.
For a short test, this assumption is generally sound. For a longer one, it is doing work that is worth examining. A verified login tells an institution who showed up. It says less about who is still there an hour later, or whether the face the camera sees at minute ninety belongs to the same person the camera saw at minute one. Understanding that distinction is the starting point for designing sessions that hold up across their full duration.
What Continuous Verification Makes Possible
There is a technical response to this gap, and it already exists in the research literature. A 2025 study published in the International Journal of Information Security proposed combining integrity policy enforcement with random, ongoing authentication checks using keystroke patterns, to catch impersonation that a one time login check would not detect. The approach shifts the verification model from a single confirmed moment to a continuous thread running through the session.
The logic is straightforward. Most impersonation, where it occurs, does not happen at login. Login is the moment everyone expects scrutiny. The middle of a session, when attention has settled and the pace of monitoring naturally relaxes, is where a substitution or a moment of unauthorised assistance is least likely to be noticed. A thoughtfully designed remote proctoring workflow accounts for this by distributing verification across the session rather than concentrating it at the start. The goal is not to increase surveillance pressure on students; it is to ensure that the assurance an institution has at minute one remains defensible at minute sixty.
The Genuine Difficulty Underneath the Technical Question
This is where the picture becomes more nuanced, because the gap between login verification and ongoing assurance reflects a genuine design challenge rather than an oversight. Phillip Dawson, a researcher at Deakin University’s Centre for Research in Assessment and Digital Learning, has spent years examining contract cheating: situations where someone else completes an assessment on a student’s behalf. Commonly cited estimates put admitted rates somewhere between three and fifteen percent of students, and the evidence base for detecting this through surveillance heavy approaches remains an active area of research and refinement.
The European Data Protection Supervisor’s work on automated proctoring adds a further layer of consideration. One major proctoring vendor suffered a database breach severe enough that user records were leaked, a reminder that the infrastructure built to verify identity can itself become a point of vulnerability. Managing that risk is part of what responsible platform selection involves.
Designing the Session as a Whole
None of this calls into question the value of front loaded identity checks. A confirmed identity at the start of an exam is better than no check at all, and for shorter assessments it is often entirely sufficient. The opportunity for assessment professionals lies in extending that rigour across the full arc of the session.
Doing so is less a matter of adding a verification step than of reconceiving the session design itself. From login to submission, a well architected remote exam treats identity assurance not as a problem solved in the first five minutes, but as a thread maintained throughout. The institutions building toward that model are not responding to a crisis; they are applying the same systematic thinking to session integrity that they have already applied to question design, marking, and reporting. The research is pointing in a clear direction, and the tools to follow it are increasingly within reach.
Lynn Martelli is an editor at Readability. She received her MFA in Creative Writing from Antioch University and has worked as an editor for over 10 years. Lynn has edited a wide variety of books, including fiction, non-fiction, memoirs, and more. In her free time, Lynn enjoys reading, writing, and spending time with her family and friends.
