If you’re able to hold all your data on your phone, what happens if you lose it or it gets stolen?
By Trevor Butterworth
One of the key benefits of decentralized identity is that you now get to hold and control your data instead of a third party putting it in a database. The benefits are enormous in terms of privacy and security: no more tracking, no risk of a data breach putting your personal data at risk.
Scenario one — what happens if you lose your phone? Or someone steals it? Won’t they have access to all your data? And how do you get yours back?
First, you do exactly what you would do if you lost your wallet or passport: You inform your bank and the passport office.
Just as Verifiable Credentials are cryptographically verified, they can be cryptographically revoked. Once revoked, that’s it — they cannot be used by anyone ever again.
This means that you’ll have to go through the relevant identity assurance/KYC process again to get new credentials. This ensures that you — and not someone else — gets your new credential. Not having cloud backup increases security.
Scenario two — what could happen to my data between the point of losing my phone and my credentials being revoked?
There are two layers of security: Biometrics or a passcode to unlock a phone and biometrics or a passcode to unlock the digital wallet containing your credentials.
As long as you don’t use “000000” or “123456” for your passcode, the chances of a random six-digit number being guessed correctly are one in a million. Now add in a second different passcode for accessing your digital wallet and factor in phone lockouts after a certain number of incorrect guesses.
Similarly, someone who finds a lost phone or randomly steals one is also not going to be able to simulate your biometrics to access the phone from simply having your physical phone.
In short, when you combine the security benefits of holding your own data with the seamless authentication provided by cryptography, all wrapped in multiple layers of biometric-passcode security, Verifiable Credentials represent a massive net gain on how we currently manage identity online and off.
To learn more you can watch a recent demonstration of what happens when you lose your digital wallet on Indicio’s YouTube channel, or read about Indicio’s full solution Proven.
