Sophia Lin
Security Researcher
Digital identity has long been treated as a technical problem — a matter of cryptography, tokens, and session management. But at its core, identity is a human concept. It is about who we are, how we are recognized, and how we navigate relationships of trust.
The narrow view of identity as a credential — a username and password, a certificate, a token — misses something essential. A credential can be stolen. An identity cannot. The person behind the credential has a history, a context, a set of behaviors and relationships that no attacker can perfectly replicate.
Human-centered identity systems leverage this richness. Instead of asking "do you have the right key?", they ask "are you the person who usually holds this key, in the context where they usually hold it?"
Building identity systems that respect human dignity means giving people genuine control over their data. Not checkbox consent buried in terms of service, but meaningful choices about what is collected, how it is used, and who can see it.
It also means designing for failure gracefully. When a legitimate user is flagged incorrectly — and they will be — the recovery process must be fast, clear, and not humiliating.
Be the first to start the discussion
Exploring how artificial intelligence is shaping the way we verify and protect our online identities.
Safeguard personal data in an era of endless breaches and malicious practices.
The industry has tried to kill passwords for twenty years. Passkeys might actually do it.