The operation of modern security systems demands too much sophistication from the average user. Further, in the face of increasingly common malware and spyware, users are not empowered to protect themselves. To address these issues, I propose sub-identities, a simple abstract identity model for practical containment in the operating system. In this model, user identities form a hierarchy, and each user may create sub-identities at any time without the help or approval of an administrator. While this model does not provide the fine-grained security available with more intrusive or comprehensive systems, it provides a significant measure of drop-in security that is more accessible to the average user. In this work, I demonstrate an implementation of the abstract model of sub-identity in the form of a user-space toolkit, Pluggable Authentication Module, and user-space filesystem, as well as several applications of sub-identity and a continuum of disciplines for using sub-identity.