Files
trust-issues/src/content/stories/old-phone-real-identity-test.md
T
Compleet 0e7871f395
validate / validate (push) Successful in 22s
Restructure navigation around What's up / Opine and the reader's utilities
- Stories gain a required type (report | essay); all 28 classified per
  the boundary rule now stated in EDITORIAL.md
- Nav: What's up · Opine · Podcast · Book · Guides · Forum, each gated
  on real content (Forum waits on a forumUrl); logo is Home
- /whats-up (reports, newest first) and /opine (essays, editorial order)
  share a StoryArchive component with subject filters
- Static /tags/<tag> pages for subjects carried by 2+ stories; tags stay
  overlapping, never exclusive departments
- /corrections: generated from revision history (commits beginning
  'Correction:'), so the page cannot under-report
- About, RSS, Corrections, Weekly briefing move to the footer

Co-Authored-By: Claude Fable 5 <noreply@anthropic.com>
2026-07-14 14:37:44 +01:00

79 lines
4.2 KiB
Markdown

---
title: "Your old phone is the real identity test"
type: essay
description: "Login demos happen on new devices. Trust is decided after a theft, a dead battery, a changed number, or a relationship someone needs to escape."
published: 2026-07-14
editorialOrder: 2
reviewed: 2026-07-14
author: "Ana"
maintainers: ["Ana"]
status: developing
featured: false
homepage: true
section: "Recovery"
frontTone: paper
draft: false
tags: ["recovery", "passkeys", "wallets", "safety"]
image: "https://images.unsplash.com/photo-1654944932733-bca31b703dd7?auto=format&fit=crop&w=1600&q=82"
imageAlt: "A bunch of keys, one inserted into an old wooden door"
imageCredit: "Raphael GB"
imageCreditUrl: "https://unsplash.com/photos/a-key-on-a-door-dofnXBVZ51c"
trustPattern:
claim: "Keeping credentials on a personal device gives the individual control."
trusted: "The person must trust device backups, account recovery, telecoms, support staff, and any family or platform account involved in synchronisation."
failure: "When the device disappears, control may quietly return to the institution—or to whoever controls the recovery channel."
---
Security products are usually demonstrated in the first five minutes of ownership. The phone is charged. The screen is intact. The face scanner recognises its owner. A credential appears with a satisfying animation.
The meaningful demonstration starts two years later.
The phone fell into the sea. The number was recycled. A cloud account is shared with a spouse the owner is trying to leave. The name on a government record changed but the bank's record did not. The person has their password but not the old device; their document but not the email address; their face but not quite the face the enrollment camera remembers.
At that point, the recovery system becomes the identity system.
## Recovery is governance
Passkeys, digital wallets and hardware-backed credentials can remove whole classes of attack. They can also make an account wonderfully easy to use on an ordinary day. But none abolishes the question of who restores access.
Recovery may depend on:
- another device already signed into the same platform account;
- a cloud-synchronised credential store;
- a phone number and mobile network;
- identity documents checked by support staff;
- a bank branch, municipal office or employer;
- trusted contacts or recovery codes;
- creating an entirely new credential and convincing every relying party to accept it.
Each option is a governance choice disguised as a help screen. It decides which evidence outranks which, who may make an exception, and who can be locked out by a person with access to their household devices.
## The safest default for whom?
"Ask the account owner" works badly when account ownership is itself contested. "Send a code to the phone" works badly after theft or coercive control. "Visit an office" may be a humane fallback for one person and an impossible journey for another. Social recovery distributes power, but it also reveals dependencies and assumes the social circle is safe.
There is no perfect answer. There are only threat models that admit whom they protect.
This suggests a better product review. Do not ask only whether enrollment resists fraud. Test the five ugly transitions:
1. lost device;
2. changed phone number;
3. changed legal name;
4. death or incapacity;
5. escape from a controlling household.
A system that cannot explain these cases has not finished its security model. It has stopped at the happy path.
## The constitutional layer
Recovery feels secondary because it is used less often. Constitutions are also used less often than ordinary procedures. Both matter most when normal authority breaks down.
Whoever controls recovery can override keys, records and prior consent. That actor may be a state, a platform, a bank, a group of friends or the user alone with a piece of paper. The choice can be reasonable. It cannot be absent.
The old phone is useful because it makes the hidden constitution visible. When the elegant credential is gone, whom does the system believe?
### Further reading
- [FIDO Alliance: Passkeys](https://fidoalliance.org/passkeys/)
- [European Digital Identity Wallet architecture](https://github.com/eu-digital-identity-wallet/eudi-doc-architecture-and-reference-framework)