Why Does the Internet Still Run on “Spare Keys Under the Mat”?
Let’s forget about tech for a second and talk about the "good old days" and my house keys when I was a kid.
Let’s talk about the good old days when I grew up in a small town in South Dakota. Everybody knew everybody and we lived in a neighborhood where everyone kept a spare key under the front doormat. It was easy. We all trusted everybody. The pizza guy could get in. The babysitter could get in. Your friend could borrow a book. In the old days, in my small town, people actually left their car ignition key in the car overnight!
But there’s a problem. That was then…today it’s much more challenging.
Anyone who finds your house key can use it. Today, tomorrow, next week. Until you change the locks. The old days are gone and they are not coming back…today, there are bad actors out there even in my little town.
Now let’s complicate things a bit and introduce computers and the internet.
What’s a “secret” online?
On the Internet, a secret is anything that lets you in:
Your password to log in.
The “remember me” token your browser saves.
An API key that lets one app talk to another app.
Most of the time, these secrets stick around: they live in files, in code, in old systems. Even worse, little notebooks or sticky notes with your passwords written down. People forget about them. But computers don’t forget.
Why that’s a problem
If someone steals one of those secrets, it’s like finding a house key under the mat.
They can:
Log in as you.
Pretend to be your app or your company.
Keep doing it for months or years, until someone notices.
This isn’t a rare thing—stolen passwords and other “secrets” show up in about half of all data breaches, and each breach can cost organzations millions of dollars to clean up.
Hackers don’t have to “break the math” or crack fancy codes. They just have to find your old keys. The scary thing…those old keys don’t have an expiration date.
A better way: hotel key cards
Now think about a hotel.
You get a key card that:
Only works for your room.
Only works for your stay.
Stops working when you check out.
If you lose it, the hotel prints a new one and the old one is useless. No one keeps a spare key under the mat.
That’s the idea we are bringing to the Internet:
Keys that don’t last long.
Keys that are easy to replace.
A clear record of who used which key, and when.
So what did we “fix”?
We didn’t magically fix every problem on the Internet.
But we did build a new way to stop using “spare keys under the mat” and start using hotel‑style keys that:
Change often.
Are tied to a real and provable record.
Don’t turn one mistake into a long‑term disaster.
Super easy to change!
If my grandkids remember one thing, I want it to be this:
“Good systems don’t just trust people. They use keys that expire and receipts that prove what actually happened.”