Ask HN: Is static identity becoming a limitation in modern systems?
Most systems treat identity as something stable — once verified, it’s assumed to remain consistent.
But in real-world usage, identity behaves differently depending on:
• context (location, environment, timing)
• intent (what the user is trying to do)
• interaction flow (sequence of actions)
This creates a mismatch.
So systems compensate by:
• collecting more user data
• adding more rules
• increasing verification steps
Yet issues still show up:
• legitimate users get blocked
• risky behavior passes through
• systems behave inconsistently under edge cases
It feels like the limitation isn’t identity verification itself — but the assumption that identity is static.
Curious how others here think about this:
Are there practical ways to model identity as something dynamic without making systems overly complex or slow?