How to Know if a Candidate Actually Wrote the Code They Claim To

In the age of ChatGPT, GitHub Copilot, and endless code repositories, there's an uncomfortable truth every hiring manager needs to face: that impressive project on a candidate's resume might not actually be their work.

Whether it's copy-pasted from Stack Overflow, generated by AI, lifted from a bootcamp project, or "borrowed" from a former teammate, code authenticity has become one of the biggest challenges in technical hiring. The good news? There are proven ways to verify whether a candidate genuinely wrote what they claim, even if you're not a developer yourself.

Here's how to separate the real builders from the portfolio pretenders.

1. Ask Them to Walk Through Their Code (With Specific Questions)

This is your first and most powerful tool. Request that candidates share their code before the interview (via GitHub, a portfolio, or a code sample) and come prepared with specific questions about it.

How to do it:

• Pick a specific function or component from their code (doesn't have to be the most complex)
• Ask: "Can you walk me through what this section does, line by line?"
• Follow up with: "Why did you choose this approach over alternatives?"
• Then ask: "If you had to add [specific feature], where and how would you modify this code?"

What you're listening for:

• Do they navigate their own code confidently or hesitate?
• Can they explain their reasoning for specific implementation choices?
• Do they remember the challenges they faced while writing it?
• Can they discuss what they'd improve or do differently now?

Red flags:

• Vague explanations like "This part handles the data processing"
• Inability to explain why they used specific methods or libraries
• Confusion about the code structure or flow
• Saying "I don't remember" for multiple sections of recent projects

Why it works: Developers who actually wrote the code can tell you the story behind it. They remember the bugs they fought, the refactoring they did, the alternatives they considered. Code they copied won't have that depth of context.

Pro tip: Ask about the most frustrating bug they encountered in that specific project. Real developers will light up (or grimace) with the memory. Frauds will struggle to manufacture a convincing story.

2. Request a Live Coding Session (But Make It Conversational)

Live coding doesn't mean watching someone build an entire application under pressure. It means observing how they think through a problem in real-time.

How to do it:

• Use a collaborative coding environment (like CoderPad, Replit, or even Google Docs)
• Give them a small, related task based on their claimed expertise
• Example: "You mentioned you built a user authentication system. Can you write a simple function that validates an email format?"
• Encourage them to think aloud and ask questions

What you're observing:

• Do they know where to start, or do they freeze completely?
• Are they comfortable with basic syntax in their claimed language?
• Do they make typical developer mistakes (typos, semicolons, brackets) or perfect AI-generated code?
• How do they react when something doesn't work? Do they debug methodically or panic?

Green flags:

• They think aloud: "Okay, so first I need to check if there's an @ symbol..."
• They make small mistakes and catch them naturally
• They ask clarifying questions about requirements
• They reference documentation when needed (that's normal and good)

Red flags:

• Complete inability to write basic code in their "expert" language
• Perfect syntax with zero typos (might indicate heavy AI assistance during practice)
• Copying and pasting from another window repeatedly
• Panic or extreme discomfort with simple tasks they claim to do daily

Why it works: You can memorize talking points about code. You can't fake the muscle memory of actually writing it. Real developers have a natural rhythm when coding, even under pressure.

If conducting these technical verifications feels outside your wheelhouse, or you'd rather skip this entire screening process, RemoteEngine connects you with pre-vetted problem solvers who've already been through rigorous code authenticity checks. Sometimes the smartest move is working with engineers whose skills have already been validated.

3. Ask About Their Development Environment and Workflow

Developers who regularly code have strong opinions and habits about their tools. Posers often overlook these details.

Questions to ask:

• "What code editor or IDE do you prefer, and why?"
• "Walk me through your typical workflow when starting a new feature"
• "What tools do you use for debugging?"
• "How do you handle version control in your projects?"
• "What's your testing process like?"

What genuine developers sound like:

• "I use VS Code with these specific extensions because..."
• "I usually start by writing tests first, then..."
• "For debugging, I use Chrome DevTools combined with console logs..."
• "I commit frequently with descriptive messages, usually after each feature..."

What frauds sound like:

• Generic answers: "I just use whatever the team uses"
• Inconsistent details: Claims to be an expert React developer but doesn't know common React debugging tools
• No personal preferences or workflow insights
• Textbook answers that sound memorized

Deep-dive questions:

• "Tell me about a time your development environment setup saved you significant time"
• "What's the most annoying bug you've had to debug recently, and what tools helped you solve it?"
• "How do you organize your files and folders in a typical project?"

Why it works: Developers spend hours daily in their development environment. They develop preferences, shortcuts, and strong opinions. Someone who copied code from GitHub won't have these lived experiences or practical knowledge about the development process.

4. Review Their GitHub Activity (Beyond the Green Squares)

A GitHub profile tells a story, but you need to know what to look for beyond the contribution graph.

What to examine:

• Commit history: Do commits show gradual development or bulk uploads?
• Commit messages: Are they descriptive ("Fixed authentication bug in login flow") or generic ("Update", "Fixed stuff")?
• Code evolution: Can you see iterations, bug fixes, and improvements over time?
• Issue discussions: Do they engage with issues on their own repos or others?
• Pull request reviews: Do they give thoughtful code reviews on other projects?

Green flags:

• Consistent activity over time (even if modest)
• Commit messages that tell a story of development
• Evidence of refactoring and improvements
• Engagement with the developer community
• Projects with README files, documentation, and proper setup

Red flags:

• Repository created days before applying
• All code committed in 1-2 bulk uploads
• Generic commit messages throughout
• Zero engagement with issues or discussions
• Forked projects with minimal modifications
• Projects that match popular tutorial repos exactly

Advanced check: Look at their contribution timeline. Do they have consistent activity, or did they suddenly become active right before job hunting? Compare project complexity with their claimed experience level.

Why it works: Building software is a process. Real projects show evolution, mistakes, corrections, and learning. Copied or purchased projects get dumped into repos all at once without that developmental history.

5. Ask Them to Critique or Improve Code (Including Their Own)

Give them a code snippet (could even be from their own project) and ask them to review it critically.

How to do it:

• Show them a piece of code with deliberate issues (performance problems, security gaps, poor readability)
• Or ask: "Looking at this code from your project, what would you change if you were writing it today?"
• Present a simple problem and ask: "How would you approach solving this?"

What you're evaluating:

• Can they identify problems in code (even if not perfectly)?
• Do they think about multiple aspects (performance, security, maintainability, readability)?
• Can they articulate improvements with reasoning?
• Do they show awareness of best practices and trade-offs?

Strong responses include:

• "This function is doing too many things; I'd break it into smaller pieces..."
• "This could be a security issue because..."
• "The variable names aren't descriptive; I'd rename them to..."
• "This works but it's inefficient for large datasets; I'd use..."

Red flags:

• Can't identify any issues in obviously problematic code
• Only focuses on superficial issues (formatting, spacing)
• Suggests changes without explaining why
• Becomes defensive when reviewing their own code

Why it works: Developers who've genuinely worked through problems develop critical thinking about code quality. They've encountered bad code (including their own old code) and learned from it. Someone who copied their portfolio won't have this analytical depth or the humility that comes from real experience.

6. Check for Consistency Across Their Experience

Look for patterns that reveal authenticity or deception across their entire profile.

What to cross-reference:

• Does their LinkedIn match their resume and portfolio?
• Do claimed dates align across platforms?
• Does their portfolio complexity match their stated experience level?
• Are their technical blog posts (if any) in their own voice, or do they sound like different authors?
• Do their Stack Overflow or forum contributions align with their claimed expertise?

Questions to ask:

• "I noticed you worked at [Company X] from 2022-2023. What technologies did that team use?"
• "Your portfolio shows mostly Python projects, but your resume emphasizes JavaScript. Can you explain?"
• "You mention contributing to open source. Which projects, and what did you contribute?"

Inconsistency examples:

• Resume claims 5 years of React experience, but GitHub shows first React commit 6 months ago
• Portfolio has advanced machine learning projects, but can't explain basic ML concepts
• Claims to have led projects but can only discuss individual contributor tasks
• Different technical skill levels across different projects without explanation

Why it works: Lies require a perfect memory. Authentic experience is naturally consistent because it actually happened. Cross-referencing multiple sources reveals disconnects that suggest embellishment or fraud.

7. Ask About Their Learning Journey

Developers are continuous learners. Asking about how they learned reveals authenticity.

Questions to ask:

• "How did you learn [technology X] that you used in this project?"
• "What resources do you use when you're stuck on a problem?"
• "What's something you've learned recently that changed how you code?"
• "Tell me about a technology you tried to learn but struggled with"

Authentic answers include:

• Specific courses, books, or documentation they used
• Communities they engage with (Reddit, Discord, forums)
• Specific blog posts or tutorials that helped them
• Honest struggles and how they overcame them
• Mistakes they made while learning

Red flags:

• Vague answers: "I just figured it out"
• Can't name specific learning resources
• No stories of struggle or confusion
• Claims everything was easy and intuitive
• Can't discuss recent learning or skill development

Why it works: Learning to code involves specific resources, communities, and challenges. Developers remember the tutorials that clicked, the documentation that confused them, the community members who helped. Frauds won't have these detailed, personal learning narratives.

Bringing It All Together

Verifying code authenticity isn't about being a technical expert yourself. It's about listening for the markers of genuine experience:

• Specific stories and context around the code they wrote
• Natural comfort navigating and discussing their own work
• Practical knowledge of tools, workflows, and development processes
• Consistent patterns across their portfolio, profiles, and conversations
• Critical thinking about code quality and improvements
• Learning narratives that show how they developed their skills
• Real challenges and honest discussions about struggles and mistakes

The developers you want aren't those with perfect portfolios. They're the ones who can tell you the messy, human story behind building real software.

Of course, if this entire verification process feels like more work than you have time for, RemoteEngine offers a simpler path. They provide access to vetted problem solvers who've already been through comprehensive authenticity checks, so you can skip straight to working with genuine engineers who've proven they can build what they claim.

Remember: authentic developers welcome questions about their work. They're proud of what they've built and eager to discuss it. Those who can't are showing you exactly who they are.

Trust your instincts, ask the right questions, and you'll find the real builders every time.