Moving Beyond Authentication Theater: Why We Built GetTrusted

Jon Welborn

4 min read
Moving Beyond Authentication Theater: Why We Built GetTrusted

By: Jon Welborn, Co-Founder of LastID

One night in late 2024, my phone rang. My wife's name on the caller ID. I answered, and heard a man's voice.

"Jon, listen carefully. I have your family. If you don't want them hurt, do exactly what I tell you."

My heart jumped. I muted the call and scanned the room. My kids were right there. My wife had just walked into the next room. Everyone was safe. But the voice continued:

"Five thousand dollars cash tonight. You have until the count of three."

He counted. Then hung up.

Even knowing my family was safe, I couldn't stop thinking: what if they hadn't been home? What if I had no way to verify the threat?

As security professionals, Matt and I have faced thousands of threats over our combined 50+ years of industry experience, from red teaming global organizations, leading Amazon's incident response, and driving security at Wells Fargo and Dropbox. That night crystalized something Matt and I had been circling for years:

We've built elaborate systems to verify passwords, but no system to verify people.

The Problem: Authentication Theater

Today's security systems obsess over authentication: passwords, MFA, SMS codes, authenticator apps. Each layer promises better protection, but none actually prove who you're interacting with.

This is authentication theater. It feels secure. It looks secure. But it fails at the core mission: proving true identity.

There's a critical difference: Authentication proves you have the right tokens. Identity proves you ARE the right person.

The attacker had my wife's number and enough personal details to sound convincing. That's all most systems require: the right number, the right artifacts. Authentication successful.

But identity? They had none.

What True Identity Verification Looks Like

Real identity verification means proving you are who you claim to be, using signals that can't be faked, guessed, or transferred. It's not just:

  • What you know (passwords)
  • What you have (devices)
  • What you are (biometrics in isolation)

It's about establishing a cryptographically provable chain of trust.

How GetTrusted Works

Imagine if every contact in your phone had an unforgeable digital signature. When they call, text, or email, you'd see a green checkmark. Cryptographic proof they're really them. Not caller ID, not spoofable headers. Mathematical certainty.

GetTrusted uses cryptographic verification to prove identity across the channels you already use: phone calls, emails, texts, and our app.

Every person becomes their own certificate authority. No central servers to breach. No passwords to steal. Just mathematical proof of identity that works offline, across borders, without asking permission from any corporation.

For individuals: Establish a verified identity by securely exchanging cryptographic keys — either in person (QR/NFC) or remotely (SMS coordination with OTP).

For enterprises: Centralized identity management through an easy-to-integrate console.

Once set up, the system runs quietly in the background. When someone contacts you, GetTrusted provides the way to verify whether they're who they claim to be.

No guessing. No relying on caller ID or email headers. Just binary trust: verified or unverified.

Why This Matters

This isn't just about emergency calls. Every day, people face identity risks:

  • Remote workers proving they're really employees
  • Elderly family members navigating financial conversations
  • Executives confirming high-stakes communications
  • Employees verifying that urgent text from "the CEO"
  • Healthcare providers confirming authorized family members

The stakes are high. The current system leaves too much room for error.

Our Philosophy: Simple But Not Basic

Complex problems don't always need complex solutions. They need thoughtful ones.

GetTrusted's architecture reflects this. We didn't build another authentication layer. We built an identity verification network.

The identity industry won't like this. They've built empires on being your mandatory middleman. We're making them optional.

Simple for users, robust under the hood:

  • Seamless cryptographic key exchange
  • Verified trust across everyday communication channels
  • Industry-proven cryptographic standards, applied to modern workflows

Either a communication is cryptographically verified, or it's not. That simple.

Join Us

If you've ever questioned whether that urgent call was real, whether that wire transfer request was legitimate, or whether your family member was truly in trouble, you understand why we built this.

The future of identity isn't about bigger corporations holding more of your data. It's about you owning your identity and proving it to whoever you choose, whenever you choose, without anyone's permission.

Join our early access and help us replace authentication theater with actual trust.

Read more