I explore our journey with IP-based authentication as part of a major re-engineering of our authentication methods. I will focus on the inherent performance challenges and unexpected issues we encountered... in production. I will talk about why IP authentication, despite its initial appeal, is a problematic solution in practice.

- The fundamental flaw
- Performance implications of constant IP checks
- Production rollout tale: Massive error rates (>30k/hour)
- Root cause analysis: Unexpected impact of cookieless crawlers
- Lessons learned

I will offer insights for engineers considering IP authentication (don't do it). I will discuss how the requirement for constant IP checking creates a performance bottleneck, and how seemingly minor factors like crawler behavior and old clients can significantly impact system stability. I will also talk about our production fuckups and how we tried to find out if our customers really had a problem or if this was just a storm in the waterglas.