Skip to content
  • Auth and access
  • About authentication

User identity and verification

A key part of making authentication secure, is through verification of user identities. Verification usually happens at sign up, to ensure the person signing up exists and is the intended person gaining access to your app or project.

Definition of an identity

Link to this section

When we use the term ‘identity’, we mean a unique identifier such as a phone number, email, or username.

When a user tries to access a system or service, they provide their identity along with additional credentials (e.g. password, one-time password OTP) to verify their identity and gain access.

Why verification is important

Link to this section

Verification is an authentication security measure, that checks the person seeking system access is who they say they are. In addition, it provides a secure method to contact a user. Email identity details are required, for example, to reset a user’s password (requested or forced), and are needed to reliably send OTPs and trigger other auth mechanisms, like auth apps.

Username identities must have a phone or email

Link to this section

At Kinde, we don’t treat username identities the same as phone and email identities. If you want users to sign in and authenticate with usernames, they still need to verify themselves (if only once) via email.

When an identifier changes

Link to this section

For security reasons, it’s not meant to be easy to change a user’s verified identity. But we know it still needs to be possible. People change emails, change names, get new phone numbers, etc.

Soon you will be able to do this via API.