Unlike photos or documents that sync seamlessly across devices through cloud storage, verifiable digital credentials present unique challenges for multi-device access. The security properties that make credentials trustworthy, particularly device binding, create inherent tensions with the convenience of accessing credentials from any device.
The device binding tradeoff
High-assurance credentials like mobile driver's licenses are cryptographically bound to a specific device. The credential is locked to a unique key generated in the phone's secure element, hardware specifically designed to prevent key extraction. This binding is what prevents credential theft and unauthorized transfer.
This security property means that, by design, a credential issued to one device cannot simply be copied to another. The same feature that protects against theft also prevents casual syncing.
Current approaches
Today, most credential systems require re-provisioning when moving to a new device. When you get a new phone, you request that the issuer provide a fresh credential bound to the new device's keys. The issuer verifies your identity again, potentially through simplified re-proofing since you're an existing credential holder, and issues a new credential.
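The device binding and re-provisioning described above, as an added example that is not code from any wallet or issuer. All function names are hypothetical, and the key pairs are ordinary software keys standing in for keys that a real phone would generate inside its secure element and never export.

```javascript
const crypto = require('node:crypto');

// Assumption: a P-256 key pair stands in for a device's hardware-held key.
function newKeyPair() {
  return crypto.generateKeyPairSync('ec', { namedCurve: 'prime256v1' });
}

// The issuer signs the claims together with the device public key: that is the binding.
function issueCredential(issuerPrivateKey, claims, devicePublicKey) {
  const deviceKeyPem = devicePublicKey.export({ type: 'spki', format: 'pem' });
  const payload = JSON.stringify({ claims, deviceKeyPem });
  const issuerSig = crypto.sign('sha256', Buffer.from(payload), issuerPrivateKey);
  return { payload, issuerSig };
}

// The holder proves possession of the bound key by signing the verifier's fresh nonce.
function present(credential, devicePrivateKey, nonce) {
  return { credential, proof: crypto.sign('sha256', nonce, devicePrivateKey) };
}

// The verifier checks the issuer signature first, then the proof against the bound key.
function verifyPresentation(presentation, issuerPublicKey, nonce) {
  const { payload, issuerSig } = presentation.credential;
  if (!crypto.verify('sha256', Buffer.from(payload), issuerPublicKey, issuerSig)) {
    return 'bad-issuer-signature';
  }
  const boundKey = crypto.createPublicKey(JSON.parse(payload).deviceKeyPem);
  const ok = crypto.verify('sha256', nonce, boundKey, presentation.proof);
  return ok ? 'accepted' : 'not-bound-to-this-device';
}

// Constructed scenario: issued to phone A, copied to phone B, then re-provisioned for B.
function demo() {
  const issuer = newKeyPair();
  const phoneA = newKeyPair();
  const phoneB = newKeyPair();
  const claims = { name: 'Sample Holder', over18: true }; // constructed sample data
  const credA = issueCredential(issuer.privateKey, claims, phoneA.publicKey);
  const credB = issueCredential(issuer.privateKey, claims, phoneB.publicKey);
  const nonce = crypto.randomBytes(32);
  const check = (cred, key) =>
    verifyPresentation(present(cred, key, nonce), issuer.publicKey, nonce);
  return {
    original: check(credA, phoneA.privateKey),      // bound device presents
    copied: check(credA, phoneB.privateKey),        // same credential on another device
    reprovisioned: check(credB, phoneB.privateKey), // fresh credential for the new key
  };
}
```

The copied credential still carries a valid issuer signature; it fails only because phone B cannot sign the nonce with the key the credential names.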
Some credential formats support platform-level backup and restoration through Apple's or Google's cloud infrastructure. However, these mechanisms have limitations and may not apply to all credential types. Some OEM wallets impose their own rules on credential storage and migration.
Emerging solutions
The ecosystem is exploring approaches that strike a balance between security and portability. These include secure credential migration protocols that allow controlled transfer between certified wallets, backup mechanisms that protect credential data without exposing cryptographic keys, and identity-based recovery that uses strong re-authentication to provision credentials on new devices.
Recovery and portability depend partly on platform ecosystems: Apple, Google, and wallet providers each have their own approaches. The risk of lock-in exists if credentials cannot move between providers, which is why open standards and interoperability requirements are essential for long-term portability.
What this means for users
For now, expect to re-provision credentials when switching devices or wallets. Keep your issuing authorities' contact information accessible for when you need to request new credentials. And remember that the inconvenience of re-provisioning is the flip side of the security that protects your credentials from theft.



