A key part of making authentication secure, is through verification of user identities. Verification usually happens at sign up, to ensure the person signing up exists and is the intended person gaining access to your app or project.
When we use the term ‘identity’, we mean a unique identifier such as a phone number, email, or username.
When a user tries to access a system or service, they provide their identity along with additional credentials (e.g. password, one-time password OTP) to verify their identity and gain access.
Verification is an authentication security measure, that checks the person seeking system access is who they say they are. In addition, it provides a secure method to contact a user. Email identity details are required, for example, to reset a user’s password (requested or forced), and are needed to reliably send OTPs and trigger other auth mechanisms, like auth apps.
At Kinde, we don’t treat username identities the same as phone and email identities. If you want users to sign in and authenticate with usernames, they still need to verify themselves (if only once) via email.
For security reasons, it’s not meant to be easy to change a user’s verified identity. But we know it still needs to be possible. People change emails, change names, get new phone numbers, etc.
Soon you will be able to do this via API.
Authentication and access