The founder's second act: Why Kinde feels like a real-life undo button
By Evgeny Komarevtsev
What if real life had an undo function? A magic Ctrl+Z for those moments you wish you could rewind and choose a different path. As founders, we make countless decisions, big and small. While we can’t actually turn back time, reflecting on the journey often reveals where an “undo” would have been incredibly valuable.
When thinking about the value we provide at Kinde, I often find myself considering this. It strikes me that Kinde is almost more valuable to second-time founders. Why? Because they’ve already lived through the version of reality without the undo button.
Let me expand.
If you’re building your first startup, chances are you’re brimming with optimism and a fierce desire to build everything. I certainly was. There’s a powerful instinct to control every line of code, every pixel, every feature.
- Auth? “Why pay? There are open-source libraries. I’ll have it working in 10 minutes!”
- Feature Flags? “It’s just a hash map with booleans. Paying for a service seems like overkill. I’ll build it myself.”
And so it goes. Initially, it feels empowering. That simple auth does work in 10 minutes. That basic feature flag is just a simple data structure.
Then reality bites and the list grows:
- Let’s add another authentication method—maybe social login or enterprise SSO
- Security demands two-factor authentication (2FA)
- Simple feature flags need more complex rules—percentages, user segments, maybe JSON payloads
- Quick! We need audit logs!
- We must have robust user management and role-based access control
For successful products, this cycle never stops. The list expands relentlessly. Suddenly, you’re splitting your precious time—time that should be spent talking to customers and building your core value proposition—on maintaining and upgrading the invisible foundations of your app.
It’s not fun. It’s rarely rewarding. And here’s the kicker: not a single customer will ever thank you for meticulously implementing 2FA. But you can bet they’ll loudly (and rightly) complain if their account gets hijacked because you didn’t.
My philosophy teacher introduced me to a profound concept: understanding the horizon of my own ignorance. It echoes Socrates’ famous declaration: “I know that I know nothing.”
Applied to building a business, the “unknown unknowns”—the things you don’t even know you don’t know—are often the most expensive part. This is the cost of your ignorance. You could even invert it: by not having a $1M ARR business right now, your current ignorance is costing you that potential $1M. Growth is essentially paying off your “ignorance debt” over time.
We also face a cosmic limitation: time is the one resource you absolutely cannot buy more of. The next best thing? Buying the distilled knowledge and time of others who have already navigated the maze. As a wise person (John Salvatier) wrote, “reality has a surprising amount of detail,” far more than you initially anticipate.
Of course, as founders we all want to build things with our own hands, but none of us are really doing anything from scratch. We are always building on what is already known, even if it’s the first time building it for ourselves.
And when it is the first time, things can seem much simpler than they really are. From the view of a second-time founder, let’s take a closer look at some of the areas that seem “simple”.
Building secure auth for a modern web app isn’t just about hosting a page where users can register and sign in. Building auth involves understanding and implementing all of the following and so much more:
- Asymmetric encryption principles
- Correct security headers (CSP, HSTS, etc.)
- Keeping infrastructure updated (latest TLS versions)
- Correct cookie parameters (HttpOnly, Secure, SameSite)
- CSRF token implementation and validation
- Binding authentication sessions to the browser/device
- Brute-force attack prevention
- Correct password hashing (and knowing when/how to upgrade)
- Authenticating your email domain (SPF, DKIM, DMARC) to ensure password resets land
- DNS security considerations (like DNSSEC)
- and much, much more.
Not to overstate, but get any of this wrong and it could be catastrophic for your business.
Where authentication is about who is allowed in, authorization is about who can do what. This can evolve from simple roles to complex permissions, potentially needing fine-grained access control, policy engines, and audit trails.
For example, roles and permissions might be easy if you only need members and admins, with read and write permissions. But things get complex fast if you support multi-tenancy, with organizations wanting different roles and permission mixes to other tenants. It can get messy fast.
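An added illustration of the multi-tenant case described above (not Kinde's code or API; the class names, tenant names and permission strings are constructed for this example). Role names are resolved inside each organization's own table, anything not explicitly granted is denied, and every decision is recorded for audit.

```python
from dataclasses import dataclass, field


@dataclass
class Tenant:
    # Each organization defines its own role -> permission mapping.
    roles: dict[str, frozenset[str]]
    # user id -> role names held inside this tenant only
    members: dict[str, set[str]] = field(default_factory=dict)


class Authorizer:
    def __init__(self, tenants: dict[str, Tenant]):
        self.tenants = tenants
        # (user, tenant, permission, decision) for every check made
        self.audit: list[tuple[str, str, str, bool]] = []

    def is_allowed(self, user: str, tenant_id: str, permission: str) -> bool:
        """Deny by default; grant only via a role defined in this tenant."""
        tenant = self.tenants.get(tenant_id)
        allowed = False
        if tenant is not None:
            for role in tenant.members.get(user, ()):
                # A role name the tenant never defined grants nothing.
                if permission in tenant.roles.get(role, frozenset()):
                    allowed = True
                    break
        self.audit.append((user, tenant_id, permission, allowed))
        return allowed


# Constructed sample data: two organizations with different role mixes.
TENANTS = {
    "acme": Tenant(
        roles={"member": frozenset({"read"}),
               "admin": frozenset({"read", "write"})},
        members={"alice": {"admin"}, "bob": {"member"}},
    ),
    "globex": Tenant(
        roles={"admin": frozenset({"read", "write", "billing:manage"}),
               "auditor": frozenset({"read", "audit:view"})},
        members={"alice": {"auditor"}, "carol": {"admin"}},
    ),
}

authz = Authorizer(TENANTS)
```

Being an admin in one organization confers nothing in another: the same user id can hold `admin` in `acme` and only `auditor` in `globex`.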
Feature flagging
Features are on or off, right? Boolean? It might start this way, but you’ll find that you quickly need percentage rollouts, user targeting, segmentation, kill switches, and integration with analytics.
If your product is complex and feature provisioning has unseen dependencies—such as rate limiting, x unit inclusions, etc.—then you’re going to need more than a switch.
Billing
If your product or service is flat rate only and will never change, you’re probably fine to use something simple. But anything beyond that, and you’re facing a whole new set of considerations.
- Are subscriptions monthly or annual?
- Is there also usage-based or unit-based pricing?
- How will you invoice and how will your customers access past invoices?
- How do you ensure tax compliance in your region?
- Will you integrate secure payment gateways? Which ones?
- What is your dunning policy and how do you enforce it?
- Do you have different plans and prices for different geographies?
Once you start collecting payments from customers, you’ll find you need a whole other product (or more) to manage this. Because if you don’t do this right—if you aren’t secure and reliable—your customers will drop you immediately.
This only scratches the surface of authentication, authorization, features, and billing. Building these correctly, securely, and scalably is a massive undertaking. It requires deep expertise and ongoing maintenance, which is a constant distraction from your core mission.
Second-time founders have wrestled with at least some of these challenges before. We’ve felt the pain of maintenance, the anxiety of security vulnerabilities, and the frustration of diverting resources away from customer-facing features.
We understand the true cost of DIY.
Kinde is here to replace that pain for those second-time founders, and to (hopefully) avoid that pain for first-time founders.
With Kinde, you get an undo—or a go around—button:
- Instead of enduring the foundational pain, choose a platform where those lessons have already been learned (often the hard way!), and are addressed as part of the core experience.
- Instead of spending months building and rebuilding infrastructure, integrate a solution built by specialists who dedicate their time to getting it right.
- Instead of spreading your attention across necessary-but-undifferentiated tasks, focus your energy where it truly matters: understanding your customers, building your unique product, and shipping value faster.
By choosing to stand on the shoulders of giants for these foundational pieces, you’re not taking a shortcut; you’re making a strategic choice to invest your most valuable resource—your time—wisely. You’re hitting “undo” on the common pitfalls and fast-forwarding to what matters most: building a successful business for your customers.
I still start every day knowing I know nothing. And I write this from a place very much on my own learning journey, scratching the surface of these complex domains. These are some of the lessons I’ve picked up along the way, and I want to share them—with abundance, not scarcity—to build a world with more founders.