I'm going to introduce you to a world that could have been, one that would have changed everything for security.

And it all starts with a guy named Jacob Brisbane.

In your universe, Jacob is a professor who retired last year.

In a world a step from yours, Jacob stayed at IBM.

Jacob was put on the team creating the IBM PS/2 personal computer. With a specialization in cathode ray tubes, he oversaw monitor subsystems. IBM controls everything - they decide.

Even in his 30s, his eyes are giving him trouble. He wants the brightness to adapt to lighting.

Jacob stubbornly argues that they differentiate their monitors - tailored to the executive lifestyle - with a phototransistor.

It would sense the brightness of the room, and adapt the brightness of the CRT. It was an extra cost, yes. But phototransistors were dropping in price.

The feature is introduced and becomes a cultural expectation. Monitors without are produced as IBM loses the PC, but as electronics manufacturing continues its drop in price, it's now generally included in all but the cheapest.

Every monitor will have a phototransistor.

It is 1993, and the Video Electronics Standards Association has a problem.

Monitors are rapidly advancing, but they don't have a good way to tell the computer how to automatically configure it.

They work on an extension to VGA called Extended Display Identification Data (EDID).

As work near completion, the chairperson of VESA has a request. Jacob Brisbane wants a command channel added.

There needs to be a way to tell the operating system the voltage of the phototransistor, so it knows how bright the room is.

Offload control to the OS. It's primitive.

In your world, that kind of data channel, DDC/CI, is nominally added to VGA in 1998. But with no champion, it languishes until only recently.

In their world, it's announced 1994. And with the ubiquity of phototransistors, there's a drive to implement it. Give the user control.

From a quirk of engineering, the channel providing a reading of the phototransistor is really fast. Like, it can see timing of a strobe.

It can see the peaks and valleys of the flashing.

It can see 1s and 0s.

It is a contactless, proximity data channel into the computer.

What does a world look like, where a machine in the hand, can talk to every machine on a desk? Any machine in the world?

No peripherals. No connectors. No special interfaces. Every single machine. With a physical presence requirement.

Well, you start getting possibilities.

But, a phototransistor is a receptor. You still have the same security problems as before with passwords, in the form of Replay Attacks.

You have to create a challenge-response. But how?

Right below the phototransistor on the computer, is an outbound strobe.

The monitor itself

It is the year 1995, and the world has multi-factor authentication.

It is the username. The password.
And the watch on your wrist. It would get a challenge, and flash a response.

We could have done it. But in your world, an IBM employee decided to leave.

In your world, you rely on the human mind for a task it can never succeed at. Memorizing strings of obtuse data called passwords.

Computer security seems intractable. Data loss and damage is a global threat.

In your world, all that's left is a single question.

"What if?"

So how does it work?

Jane is a user and she has a TimeAuth watch. It comes preconfigured with a private key, with the seed printed on cards for storage.

On each website, Jane registers email and password. Next page, she is asked to activate REGISTER on watch and show to screen.