Mobile credentials: the end of the keycard
What we learned shipping Apple Wallet and Google Wallet credentials to 50,000 users across 40 sites.
The keycard problem
Keycards are the floppy disks of physical security. They get lost, they get cloned, and replacing them costs time and money. Worse, they’re a single factor with zero context — a keycard doesn’t know if it was stolen.
Going mobile-first
We shipped Apple Wallet and Google Wallet credential support across 40 sites and 50,000 users. Here’s what we learned:
Adoption was faster than expected. Within two weeks, 73% of users had switched to mobile credentials voluntarily. The remaining holdouts were mostly in environments where phones aren’t permitted on the floor.
Battery anxiety is real but manageable. We worked with both Apple and Google to optimize NFC power usage. The result: a 35% reduction in battery impact on iOS compared to our initial implementation.
Revocation is instant. Unlike physical cards that need to be collected, a mobile credential can be revoked in milliseconds from anywhere in the world.
What’s next
We’re working on context-aware credentials that factor in location, time, and device trust signals. A credential that knows it’s being used from an unusual location at 3 AM can trigger additional verification automatically.
