The tech company that maintains the hotel check-in system set its cloud storage to public, allowing anyone to access customers' data without a password.
Lastly if you are asking how you would deal with getting new credentials. There would be a mechanism similar to when you first get the electronic id where your previous device gets deauthorized and you authorize a new one.
All of these are allready solved problems at this point. We do this all the time with other credentials like online banking etc.
This varies by country, but in Norway for instance all of these things are already solved and online/phone banking is both safe and the most common way of doing things.
Loss/theft of phone is at worse a few phone calls and security questions to get it deauthorized (a properly secured phone would not be any significant hazard as mentioned in other responses) and authorizing a new device can be done with mail/SMS combo identification pr by showing up to a local office if you wanna do it that way.
Lastly if you are asking how you would deal with getting new credentials. There would be a mechanism similar to when you first get the electronic id where your previous device gets deauthorized and you authorize a new one.
All of these are allready solved problems at this point. We do this all the time with other credentials like online banking etc.
This varies by country, but in Norway for instance all of these things are already solved and online/phone banking is both safe and the most common way of doing things.
Loss/theft of phone is at worse a few phone calls and security questions to get it deauthorized (a properly secured phone would not be any significant hazard as mentioned in other responses) and authorizing a new device can be done with mail/SMS combo identification pr by showing up to a local office if you wanna do it that way.