The tech company that maintains the hotel check-in system set its cloud storage to public, allowing anyone to access customers' data without a password.
Lastly if you are asking how you would deal with getting new credentials. There would be a mechanism similar to when you first get the electronic id where your previous device gets deauthorized and you authorize a new one.
All of these are allready solved problems at this point. We do this all the time with other credentials like online banking etc.
This varies by country, but in Norway for instance all of these things are already solved and online/phone banking is both safe and the most common way of doing things.
Loss/theft of phone is at worse a few phone calls and security questions to get it deauthorized (a properly secured phone would not be any significant hazard as mentioned in other responses) and authorizing a new device can be done with mail/SMS combo identification pr by showing up to a local office if you wanna do it that way.
It of course requires on device lock, like a pin or biometrics.
Also anyone with a nibble of security awareness will have their phone properly secured so it cannot be opened by anyone else.
(My phone requires face match, fingerprint or 6 digit pin. Additionaly it locks up to only accept the pin if it moves out of range of my smartwatch. It can also be remotely locked further, traced, and even remotely wiped)
If you run your phone without security pin or fingerprintint lock, this would be the least of your worries if your phone got stolen.
What happens if someone steals your phone?
Even if that was a vulnerability, they’re never going to steal a million phones at once
Are you asking how you would confirm without your phone or asking about someone stealing your credentials or impersonating you?
To the first I’d ask how do you confirm identity if someone steals your wallet? But also, I’d probably be able to confirm with my watch as well.
To the second, my phone would be a brick before they ever got it unlocked.
Lastly if you are asking how you would deal with getting new credentials. There would be a mechanism similar to when you first get the electronic id where your previous device gets deauthorized and you authorize a new one.
All of these are allready solved problems at this point. We do this all the time with other credentials like online banking etc.
This varies by country, but in Norway for instance all of these things are already solved and online/phone banking is both safe and the most common way of doing things.
Loss/theft of phone is at worse a few phone calls and security questions to get it deauthorized (a properly secured phone would not be any significant hazard as mentioned in other responses) and authorizing a new device can be done with mail/SMS combo identification pr by showing up to a local office if you wanna do it that way.
It of course requires on device lock, like a pin or biometrics.
Also anyone with a nibble of security awareness will have their phone properly secured so it cannot be opened by anyone else.
(My phone requires face match, fingerprint or 6 digit pin. Additionaly it locks up to only accept the pin if it moves out of range of my smartwatch. It can also be remotely locked further, traced, and even remotely wiped)
If you run your phone without security pin or fingerprintint lock, this would be the least of your worries if your phone got stolen.
How are your banking apps secured?