By Douglas Borthwick · June 7, 2026
It got me into the building, into MoMA for free, and a discount at the gym. It felt like one key. It was three forgeable things taped together — and every one of them asked who I was to decide whether I belonged.
By Douglas Borthwick · June 7, 2026
From 1996 to 2005 I worked at Morgan Stanley. It is still the best place I have ever worked. And one of the small, quiet pleasures of being there was the badge.
That badge got me through the turnstile every morning. It also got me into the Museum of Modern Art for free — me and a couple of guests — and it knocked the price down at the gym, and it was good for cheaper movie and theater tickets around town. None of that was unusual. Big firms have done this for decades. You belong to the firm, so the city opens up a little. The badge was a membership in something, and the something was generous.
I loved it then. I didn't think about how it worked. Twenty years later I build access infrastructure for a living, and I finally looked closely at that badge — and realized it was never one thing. It was three completely different things wearing the same piece of plastic.
The turnstile read a chip inside the badge. The museum read the printed face — a guard glanced at the name and the logo and waved me through. The gym, and the perks portal behind it, didn't read the badge at all; they wanted my work email and a login. One card, and not one of those three readers could do the other two's job. The turnstile couldn't read the logo. The museum couldn't read the chip. The portal ignored both.
So the "one key" was a costume. Underneath it were three separate trust systems, and here is the part that nags at me as an engineer: every one of them was weak, and every one of them worked the same backwards way.
The chip in a standard office badge can be cloned in seconds with a reader that costs about ten dollars. The printed face is a laminate — anyone can make one. The portal login is an email and a password, and the coupon it hands you is a code that, once issued, works for whoever you forward it to. Three forms of proof, all forgeable, all shareable, and none of them revoked the day you leave.
And all three answered the same question to decide whether to let me in: who are you? The badge proved my identity — to the turnstile, to the guard, to the directory — and from my identity each reader inferred that I qualified. We treat that as obvious. It is not obvious. It is just old.
Once you see the pattern in a badge, you see it everywhere, and you see how much machinery we've built to keep doing it the hard way.
There are companies whose entire business is verifying that you are a particular kind of person so a brand can give you a price. One of them, SheerID, says it has verified the identity of more than two and a half billion people — students, teachers, military, nurses, first responders — against more than two hundred thousand authoritative data sources. Another, ID.me, does the same for retailers like Peloton: prove who you are, and unlock the discount. Sit with that. To take ten percent off a treadmill for a nurse, the system first confirms her identity against a global database.
Then there are the perks platforms — Abenity, BenefitHub, Working Advantage — quietly enormous. Abenity alone claims more than a million redemption locations across ten thousand cities. The credential there is a login: you sign into a gated directory with your work email, and it hands you a code.
And then there is the oldest version of all, the one near every office in the world: show your badge and ask. The café, the lunch spot, the bookstore. A human looks at your laminate and decides you're good for it.
Three mechanisms, the same three as my badge, scaled up to the whole economy. Verify an identity. Log into a directory. Eyeball a card. Billions of people, a million locations, and underneath all of it the same backwards question: who are you, so I can decide if you qualify?
The recognition is real and good. We have just been authenticating it with databases, logins, and laminates — because the better thing didn't exist yet.
Here is the move that flips it. Stop asking who someone is. Ask only the thing you actually care about: do they hold the pass?
That is what we build at Skye Meta. A community — a firm, a club, a team, a school, a shop — issues one membership pass. It lives in the member's own wallet, not stuck on a single device — it's with them on their phone, their PC, a new laptop, wherever they sign in. It can't be copied, sold, or handed to someone who doesn't belong; that isn't marketing — the pass is locked to one person at the contract level, so a transfer simply won't go through, and anyone can check that for themselves. And when a member walks up to a door, a checkout, or a counter, the only question asked is whether they hold the pass. The answer comes back as a cryptographically signed yes or no that anyone can verify, with no company to take on faith.
No identity is collected. No account is created. No directory of names and numbers sits in a document waiting to be screenshotted. The pass is the qualification, so "who are you?" never gets asked. SheerID verifies two and a half billion identities to do what a pass does with a signature and zero personal data.
Underneath, this runs on InsumerAPI — the condition-based access engine that reads the real answer to one question and signs it. Bothy is the part you and your members touch: it issues the pass and recognizes it everywhere you choose. The engine just signs each yes or no. Two floors, one staircase.
None of this is a someday. The recognition half is running now. With one Skye license a community can:
| The old way | The Bothy way |
|---|---|
| A "members-only" link that works for anyone who has the link | Members-only pages, posts and downloads that simply aren't there unless the pass checks out |
| A coupon code that spreads to strangers | Member pricing tied to the pass, online — no code to leak |
| A punch card and a guard's memory at the counter | A tap at the register that applies the member price — staff never see a wallet |
| A printed directory one screenshot from a telemarketer | No directory at all — the membership is a pass in the member's wallet, on every device they use, not a contact list |
And because no one negotiates with a head office — there is no head office — the recognition crosses over on its own. A coffee shop can choose to honor a local school's pass. A bookstore can welcome an alumni group. The same instinct behind the Morgan Stanley badge — you belong to something, so the neighborhood opens up a little — except now the corner shop can do exactly what the bank did, and the welcome can't be forged and never leaks a name.
I'll tell you what I see when I look back at that badge, because it's the reason we're building this.
The strongest thing the badge did was the turnstile — the actual door to the building. That's the hardest version of recognition, the one with real authority behind it, and it's where this is headed next: the same pass, the office door, opening only during the hours you're meant to be there. After that, the car. We're building toward both, carefully — a door is a thing you can't afford to get wrong, and a car even more so — so I won't tell you it opens your office today. It doesn't, yet. But the model is the same model that already moves a member's price at a checkout: hold the pass, satisfy the rule, get a signed yes. The bolt is just another reader obeying the same answer the museum desk would.
One pass. Login to work, the office door at the right hours, the car, a free afternoon at the museum, a better price at the gym. Four of those five already exist as real corporate perks — I lived them. They were just built out of a clonable chip, a laminate, a login, and a guard's good faith, because in 2001 a pass that couldn't be copied and revealed nothing about you wasn't a thing you could hold in your hand.
Now it is. I look back at that Morgan Stanley badge and I don't feel nostalgia. I see the future. We just had the wrong technology for a right idea.
Keep reading: Bothy: A Pass, Not a Password, the companion piece on why a pass beats a password, a login, and "Sign in with Google."
Powered by InsumerAPI. Every Skye Meta product runs on InsumerAPI, the condition-based access engine. When someone shows their pass, it reads the real answer to one question — does this person hold it? — and returns a cryptographically signed yes or no that anyone can check. No identity collected, no account to manage, no secret to steal. Just a signed answer.
Douglas Borthwick spent a decade at Morgan Stanley in institutional FX and derivatives, ran FX proprietary trading at Merrill Lynch, helped run the first registered security IPO on the blockchain, and is the author of five books on blockchain and digital assets. He is the founder of Skye Meta, which builds condition-based access products on InsumerAPI.