Rob Pegoraro<p><strong>Getting verified by Bluesky: a surprisingly easy process, no ID upload needed</strong></p><p class="">My Bluesky account now has one thing in common with my pre-2023 Twitter account: a white checkmark inside a blue circle. But unlike the social-media status symbol that I’d spent a couple of weeks <a href="https://robpegoraro.com/2023/04/07/the-value-of-my-twitter-checkmark-is-just-about-zero-now/" rel="nofollow noopener" target="_blank">in 2014</a> lightly working the refs at Twitter to get, this one required no ongoing effort on my part and probably wasn’t necessary anyway.</p> <a href="https://robpegoraro.wordpress.com/wp-content/uploads/2025/07/phone-with-bluesky-app-open-reflecting-a-blue-sky.jpg" rel="nofollow noopener" target="_blank"></a> <p>That last part is because I had taken advantage of Bluesky’s <a href="https://bsky.social/about/blog/4-28-2023-domain-handle-tutorial" rel="nofollow noopener" target="_blank">domain name-based verification</a> two years ago, after figuring out <a href="https://bsky.app/profile/robpegoraro.com/post/3jzxhzoph5k22" rel="nofollow noopener" target="_blank">some wonkiness with WordPress.com domain registrations</a>. That was an easy choice, since converting my Bluesky handle to <a href="https://bsky.app/profile/robpegoraro.com" rel="nofollow noopener" target="_blank">@robpegoraro.com</a> tied my identity there to a site at which I’ve been writing since <a href="https://robpegoraro.com/2011/04/06/a-side-project/" rel="nofollow noopener" target="_blank">the spring of 2011</a>. </p><p>But I recognized how a domain-rooted verification regime could break in practice. What if <a href="https://bsky.app/profile/conorsen.bsky.social/post/3ldhmmqoqdc2g" rel="nofollow noopener" target="_blank">an attacker registered a first name-last name domain</a> to try to con a widely-followed journalist? What if somebody registered a domain name through <a href="https://bsky.social/about/blog/7-05-2023-namecheap" rel="nofollow noopener" target="_blank">Bluesky’s option to do that</a> and then had that domain name <a href="https://bsky.app/profile/karlbode.com/post/3lbuybapqfs2u" rel="nofollow noopener" target="_blank">only point to their own Bluesky profile</a>? </p><p>So when Bluesky <a href="https://bsky.social/about/blog/04-21-2025-verification" rel="nofollow noopener" target="_blank">introduced a decentralized verification system</a> in April, including the option of having a “trusted verifier” organization vouch for your account, I had to try it out. And by “had,” I mean I set it aside for the next month and change until my journalist pal Dwight Silverman, the Houston Chronicle’s longstanding tech columnist, <a href="https://bsky.app/profile/dwightsilverman.com/post/3lsac33aro22e" rel="nofollow noopener" target="_blank">got verified about three weeks ago</a>. </p><p>That spurred me to fill out the <a href="https://docs.google.com/forms/d/e/1FAIpQLSeIjeImcJEG6m8WSTVXiWrD4CVEidg0VH6548xNl47ICjiNnA/viewform?usp=header" rel="nofollow noopener" target="_blank">Google Docs form</a> for Bluesky verification. The form noted that Bluesky management reserved the right to require ID-based verification “at a later date” via an unspecified form of document and outlined such requirements as having an account representing “a real person, registered business, organization, or legitimate entity” and being ranked as “notable within your field and geographic region.”</p><p>After I selected “Journalist/News Organization” from an opening list of “Verification Categories,” the form requested my role at my publication, the address of that news organization’s site, and links to three recent stories under my byline. (I leaned on <a href="https://www.pcmag.com/authors/rob-pegoraro" rel="nofollow noopener" target="_blank">my PCMag affiliation</a> for this part.) An essay-question screen invited up to 500 words of self-promotional copy, which I provided with an <a href="https://en.wikipedia.org/wiki/Elevator_pitch" rel="nofollow noopener" target="_blank">elevator-pitch</a> version of <a href="https://www.linkedin.com/in/robpegoraro/" rel="nofollow noopener" target="_blank">my LinkedIn profile</a>.</p><p>Twenty-two days later, a “Welcome to Bluesky Verification!” e-mail landed in my inbox. That Monday-evening message brought the heartwarming news that “you are notable and that we’ve confirmed you are who you claim to be, helping other users find and trust your account on the Bluesky app.”</p><p>It further advised that I should “avoid changing account names or handles,” not let my account go dormant for too long (<a href="https://robpegoraro.com/2024/11/16/blueskys-blockbuster-week/" rel="nofollow noopener" target="_blank">no risk!</a>), and refrain from violating <a href="https://bsky.social/about/support/community-guidelines" rel="nofollow noopener" target="_blank">Bluesky’s community guidelines</a>.</p><p>I can live with all that. I also appreciate that this is the first verification badge which I’ve picked up on social media after playing strictly by a platform’s rules: My Twitter verification started with an IRL chat with a Twitter employee at <a href="https://robpegoraro.com/2014/09/27/newspaper-alumni-need-the-occasional-reunion-too/" rel="nofollow noopener" target="_blank">a journalism conference in 2014</a>, while somebody at Facebook verified <a href="https://robpegoraro.com/2025/04/18/facebooks-fading-utility/" rel="nofollow noopener" target="_blank">my now-deprecated public page</a> without me asking. </p><p>I got no such favor at Instagram, and seeing that platform <a href="https://robpegoraro.com/2022/10/19/instagrams-not-so-instant-response-to-an-instagram-impostor/" rel="nofollow noopener" target="_blank">ignore my reports of an obvious impostor</a> has<a href="https://bsky.app/profile/robpegoraro.com/post/3ldr3px64422l" rel="nofollow noopener" target="_blank"> left me exceedingly uninterested in paying for “Meta Verification.”</a> Which means my checkmark at Bluesky may be my only official social-media validation for some time to come, and I’m okay with that. </p><p><a rel="nofollow noopener" class="hashtag u-tag u-category" href="https://robpegoraro.com/tag/authentication/" target="_blank">#authentication</a> <a rel="nofollow noopener" class="hashtag u-tag u-category" href="https://robpegoraro.com/tag/bluecheck/" target="_blank">#bluecheck</a> <a rel="nofollow noopener" class="hashtag u-tag u-category" href="https://robpegoraro.com/tag/bluesky/" target="_blank">#Bluesky</a> <a rel="nofollow noopener" class="hashtag u-tag u-category" href="https://robpegoraro.com/tag/bluesky-verification/" target="_blank">#BlueskyVerification</a> <a rel="nofollow noopener" class="hashtag u-tag u-category" href="https://robpegoraro.com/tag/bsky/" target="_blank">#bsky</a> <a rel="nofollow noopener" class="hashtag u-tag u-category" href="https://robpegoraro.com/tag/checkmark/" target="_blank">#checkmark</a> <a rel="nofollow noopener" class="hashtag u-tag u-category" href="https://robpegoraro.com/tag/domain-name-verification/" target="_blank">#domainNameVerification</a> <a rel="nofollow noopener" class="hashtag u-tag u-category" href="https://robpegoraro.com/tag/facebook-verification/" target="_blank">#FacebookVerification</a> <a rel="nofollow noopener" class="hashtag u-tag u-category" href="https://robpegoraro.com/tag/social-media/" target="_blank">#socialMedia</a> <a rel="nofollow noopener" class="hashtag u-tag u-category" href="https://robpegoraro.com/tag/twitter-verification/" target="_blank">#TwitterVerification</a> <a rel="nofollow noopener" class="hashtag u-tag u-category" href="https://robpegoraro.com/tag/validation/" target="_blank">#validation</a> <a rel="nofollow noopener" class="hashtag u-tag u-category" href="https://robpegoraro.com/tag/verification/" target="_blank">#verification</a> <a rel="nofollow noopener" class="hashtag u-tag u-category" href="https://robpegoraro.com/tag/verified/" target="_blank">#verified</a></p>