Peer-to-peer authentication involves generating an authenticatable, globally unique, peer-to-peer identifier to associate a device with a user identity. The user identity is associated with one or more peer devices of a user. The peer-to-peer identifier, together with authentication credentials of a legacy Internet service, is sent to an infrastructure authentication service. The legacy Internet service is capable of verifying the user identity based on the authentication credentials. Based on verification of the authentication credentials, a list of authenticatable, globally unique, peer-to-peer identifiers that bind the peer devices to the user identity is received from the infrastructure authentication service. A peer-to-peer identifier that binds the selected peer device to the user identity is received from a selected one of the peer devices, and the selected peer device authenticated as associated with the user identity based on receiving the respective peer-to-peer identifier.