Never Trust, Always Verify

~ Jeremy B. Blevins

There is a phrase in cybersecurity that, once heard, is difficult to ignore.

Never trust. Always verify.

It is presented as a principle of good design, a response to hostile networks and persistent threats. But like many such principles, it carries with it a quiet assumption, that trust, as a default posture, is no longer sufficient.

I am not entirely sure when that assumption became widely accepted. Only that it now seems to underlie nearly everything.

The End of the Perimeter

There was a time when security meant boundaries. If you were inside the network, you were trusted. If you were outside, you were not. Firewalls defined the edge. VPNs acted as secret tunnels. The model resembled a city, with walls and controlled entry points.

That model has largely dissolved.

Cloud systems blurred the boundary. Remote work erased location. Devices became mobile, identities portable. The question is no longer where you are, but whether you can demonstrate who you are, repeatedly.

Trust, in this environment, becomes a risk.
Verification as Process

What replaces it is not suspicion in the human sense, but verification in the procedural sense.

Identity is asserted.
That identity is checked.

And that check does not end. Authentication is no longer an event. It is a process.

Systems now evaluate:

  • device posture
  • location consistency
  • behavioral patterns
  • access context

Each interaction becomes a question, asked again.

Signals and Their Sources

But verification requires something to verify against. Systems do not generate trust on their own. They rely on signals, attributes about the user that can be evaluated quickly and consistently.

This is where the earlier shift becomes significant.

If identity is now embedded into infrastructure, then those signals are no longer gathered locally. They are provided.

The system does not ask who you are.
It asks what it has already been told about you.

If identity provides the signal, verification provides the judgment.

There is something familiar in this reduction, though it appears in a different form. Older societies often relied on simple markers to distinguish insider from outsider, sometimes as crude as a word pronounced correctly or incorrectly. The test was not whether one belonged in any meaningful sense, but whether one could produce the expected signal.

The California Model

Recent laws begin to formalize this arrangement.

California’s Digital Age Assurance Act requires operating systems to collect age information at account creation and provide it to applications through a standardized interface.1 The application no longer performs its own verification. It consumes a signal generated elsewhere.

What matters here is not the specific attribute.
It is the pattern.

A piece of identity is captured once, structured, and made available everywhere.

The Logic of Expansion

Once such signals exist, their use becomes difficult to contain. If a system can verify age, it can enforce age-based restrictions. If it can enforce those, it can incorporate additional attributes. If additional attributes exist, they can be combined. Each step appears reasonable when viewed in isolation. Taken together, they form a system in which access is no longer granted, but calculated.

Multi-Factor Life

In cybersecurity, we speak of multi-factor authentication as a way of increasing confidence.

Something you know.
Something you have.
Something you are.

No single factor is sufficient. Trust must be constructed from multiple independent proofs. I find myself wondering whether this logic is beginning to extend beyond systems and into ordinary life. Not as a formal requirement, perhaps, but as a pattern. We are asked, increasingly, to verify:

  • identity
  • age
  • location
  • legitimacy

Each system, taken alone, is understandable. Together, they begin to resemble a kind of ambient multi-factor existence.

From Trust to Calculation

There is a certain clarity in this model. It reduces ambiguity. It allows decisions to be made quickly and consistently. It scales in ways that human judgment does not. But it also alters the meaning of trust.

Trust is no longer extended.
It is calculated.
And what is calculated can always be recalculated.

John Kindervag, who first articulated the Zero Trust framework, has described it not merely as a technical model, but as a strategy, even a kind of culture. At its core is a simple but unsettling premise: trust itself is a vulnerability, something to be minimized rather than extended.2

In that light, the movement toward continuous verification appears not as an overreach, but as a logical correction. And yet I find myself wondering whether something is lost in that correction.

A Shift in Ownership

There is a further question that I find difficult to avoid. If systems increasingly require verification as a condition of access, then the device itself begins to change in character. A computer that once functioned as a personal tool begins to resemble something else, a terminal through which identity must be asserted and confirmed before use.

This shift is no longer theoretical. Recent changes to Windows 11 have made it increasingly difficult to create local user accounts that operate independently of Microsoft’s authentication systems. During setup, users are now typically required to connect to the internet and sign in with a Microsoft account, while previously available methods for bypassing that requirement have been systematically removed or restricted.3

The justification is familiar. Such measures are said to improve security, ensure proper configuration, and enhance the user experience. And there is some truth in that. But the structural implication is harder to ignore.

When access to the machine depends on successful authentication against an external service, the locus of control begins to shift. The system is no longer simply something we operate. It is something that mediates whether we are permitted to operate at all.

This does not necessarily imply surveillance, nor does it require intent. But it does suggest a change in ownership that is subtle, difficult to articulate, and perhaps more significant than it first appears.

A System Without End

The older model of trust allowed for completion. You were known. You were accepted. The question did not need to be asked again.

The newer model has no such moment. Verification does not conclude. It persists.

Each action is evaluated. Each request reconsidered. Each signal rechecked. There is no final state of being trusted, only a continuous state of being verified.

Closing Reflection

If identity is becoming infrastructure, then verification is becoming its use. The system does not remember that you have proven yourself. It only checks whether you can do so again.

And again.

References:

  1. Tom’s Hardware. (2025). California introduces age verification law requiring OS-level age checks.
    https://www.tomshardware.com/software/operating-systems/california-introduces-age-verification-law ↩︎
  2. Think Business. (2023). The father of Zero Trust, John Kindervag, on strategy and security.
    https://www.thinkbusiness.ie/articles/father-of-zero-trust-john-kindevag-strategy-interview/ ↩︎
  3. ZDNET. (2025). Microsoft just blocked a popular way to set up a local account in Windows 11—here’s what still works.
    https://www.zdnet.com/article/microsoft-just-blocked-a-popular-way-to-set-up-a-local-account-in-windows-11-heres-what-still-works/ ↩︎

Leave a comment