Losing your phone doesn't mean losing your identity. Digital credential systems are designed with device loss in mind, providing security protections that prevent misuse and clear pathways to restore access.
Why your credential is protected
Device binding ensures that a credential cannot be used on a different device. When the DMV issues your mobile driver's license, it's cryptographically locked to a unique key generated inside your phone's secure element. If someone finds or steals your phone, the design is intended to prevent extraction of the device key or transfer of the credential to another device under normal operating conditions and expected threat models.
Additionally, your wallet is protected by the same authentication method you use to unlock your phone, such as Face ID, fingerprint, or PIN. Without passing this authentication, the credential cannot be presented. Even if someone bypasses the lock screen, the cryptographic key in the secure element remains inaccessible without proper authentication.
What to do when you lose your phone
First, use your phone's built-in remote management (Find My iPhone, Google Find My Device) to lock or wipe the device. This prevents anyone from accessing your wallet or attempting to use your credentials.
Second, contact the issuing authority to report the loss. The DMV can revoke the credential bound to your lost device, marking it as invalid in the status system. Even if someone were to access the credential, verifiers checking the status would see that it's no longer valid.
Third, request a new credential for your replacement device. The DMV will verify your identity again (likely through remote proofing with facial matching and liveness detection) and provision a fresh credential bound to your new phone's unique device key.
Differences from physical IDs
Verifiable digital credentials actually offer better protection than physical cards when lost. A stolen physical driver's license can be used by anyone who resembles the photo on it. A stolen phone containing a verifiable digital credential is locked behind biometrics and device authentication, and the credential itself is bound to hardware the thief cannot access. The issuer can also instantly revoke the old credential, something impossible with a plastic card until you report it and request a replacement.
Want to keep learning?
Subscribe to our blog.
