Most systems treat identity as something stable — once verified, it’s assumed to remain consistent.
But in real-world usage, identity behaves differently depending on:
• context (location, environment, timing)
• intent (what the user is trying to do)
• interaction flow (sequence of actions)
This creates a mismatch.
So systems compensate by:
• collecting more user data
• adding more rules
• increasing verification steps
Yet issues still show up:
• legitimate users get blocked
• risky behavior passes through
• systems behave inconsistently under edge cases
It feels like the limitation isn’t identity verification itself — but the assumption that identity is static.
Curious how others here think about this:
Are there practical ways to model identity as something dynamic without making systems overly complex or slow?
PaulHoule•1h ago
I work on a subscription service where there are numerous ways to "log in" like maybe your IP address tells us you work for one of our members, or we integrate with the SSO for your organization, it might even be both -- on campus you use your IP but you need your SSO from home or on campus you might use the SSO not for access but to tell us who you are so you can access features like bookmarks. For other members you log in with a username and password. And there are even more ways to log in.
You'd better believe we have to think about this complexity whenever we work on the auth system, but it is worth it because each of these things serves a certain tranche of customers.
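
An added example, not part of the thread or of any commenter's system: a per-request resolver for the mixed-login setup described in the comment above, where an IP range or a login grants access and only a login says who the person is. The member names, network range, issuer URL and all function names are hypothetical, and the SSO assertion and password are assumed to have been validated upstream.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional, Tuple

# Constructed sample data: member names, network range and issuer URL are made up.
MEMBERS = {
    "example-university": {
        "networks": [ipaddress.ip_network("198.51.100.0/24")],
        "sso_issuer": "https://idp.example-university.test",
    },
    "example-lab": {"networks": [], "sso_issuer": None},  # password-only member
}

@dataclass(frozen=True)
class Session:
    member: Optional[str]      # which member's subscription grants access
    granted_by: Optional[str]  # "ip", "sso" or "password"
    user_id: Optional[str]     # who the person is; None means anonymous

    @property
    def can_read(self) -> bool:
        return self.member is not None

    @property
    def can_bookmark(self) -> bool:
        # Personal features need access *and* a known individual.
        return self.member is not None and self.user_id is not None

def member_for_ip(client_ip: str) -> Optional[str]:
    addr = ipaddress.ip_address(client_ip)
    for name, cfg in MEMBERS.items():
        if any(addr in net for net in cfg["networks"]):
            return name
    return None

def member_for_issuer(issuer: str) -> Optional[str]:
    for name, cfg in MEMBERS.items():
        if cfg["sso_issuer"] == issuer:
            return name
    return None

def resolve(client_ip: str,
            sso: Optional[Tuple[str, str]] = None,       # (issuer, subject), already validated
            password: Optional[Tuple[str, str]] = None   # (member, username), already verified
            ) -> Session:
    """Re-evaluated on every request, so the answer follows the user's context."""
    if sso and (m := member_for_issuer(sso[0])):
        return Session(m, "sso", f"{m}:{sso[1]}")
    if password and password[0] in MEMBERS:
        return Session(password[0], "password", f"{password[0]}:{password[1]}")
    m = member_for_ip(client_ip)
    return Session(m, "ip" if m else None, None)
```

Keeping the access grant and the personal identity as separate fields is what lets the same person be an anonymous reader on campus and a named user at home without special-case rules.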