Summary: Digital room keys aren't just more convenient than physical keycards — they're more secure. This article explains how the technology protects you, what happens if your phone is lost or stolen, and how digital keys compare to physical ones.
Permissions: Guests of any property that is integrated with digital key providers, such as Salto or Dormakaba, etc.
Why digital keys are more secure than physical keycards
A physical keycard has no owner. Once it leaves the front desk, the hotel has no way to know who's carrying it, whether it's been copied, or whether it's in the right hands.
A digital key is different at a fundamental level:
It's tied to your specific device and your personal account (Apple or Google).
It requires biometric authentication or a passcode to provision in the first place.
It was never handed over a front desk counter — so it can't be handed to someone else either.
It can be revoked instantly, remotely, by you or by hotel staff.
How your key is protected
Your key is bound to your device
When you add a room key to Apple Wallet or Google Wallet, it's cryptographically linked to that specific device. Before you can add a key, both platforms require:
A verified account — Apple Account with iCloud, or a personal Google Account.
A screen lock — Face ID, Touch ID, fingerprint, or PIN — already set up on your device.
These are platform-level requirements. A room key simply cannot be added to a device that doesn't meet them. This means your room access is tied to a verified identity on a secured device — a much stronger starting point than a plastic card.
Your identity is verified before the key is issued
Before you can even begin adding your key, the hotel's system checks who you are. Depending on your hotel's setup, this may include:
Signing in with your existing guest account or through Single Sign-On.
Providing your booking reference, property location, and surname — details that only someone with access to the original booking would have.
Completing a two-factor verification by email or SMS (a one-time passcode sent to you). Even if someone had your booking details, they'd still need access to your inbox or phone to get through this step.
You don't need to unlock your phone to use it
Apple Wallet (Express Mode): Your iPhone or Apple Watch unlocks the door without you needing to wake or unlock it. Just hold your device near the reader.
Google Wallet: You need to wake your screen, but you don't need to enter your PIN or fingerprint for most interactions.
Your key works even if your battery is low
Apple Wallet (Power Reserve): On iPhone XS and later, your room key continues to work for up to 5 hours after your battery runs out.
Google Wallet: Requires your phone to be powered on. If your battery dies, visit the front desk for a physical keycard.
If your phone is lost or stolen
Act quickly — both platforms give you remote control:
Apple Wallet:
Open the Find My app or go to iCloud.com.
Mark your device as lost or erase it.
All cards and keys in Apple Wallet are deactivated the moment your device connects to a network.
Google Wallet:
Go to google.com/android/find.
Remotely lock or erase your device. This disables all stored keys.
In both cases, contact the hotel front desk immediately. Staff can revoke your digital key directly from the hotel systems — without needing to access your device.
What the hotel can do on their end
Hotel staff have additional controls that don't exist for physical keycards:
Revoke a key instantly — your key is deactivated immediately, with no need to collect a card.
Suspend a key temporarily — if a situation requires a pause (a welfare check, a payment issue), staff can suspend your access and restore it later. You won't need to re-add your key.
Restrict specific guests — if a hotel needs to prevent a particular guest from using a digital key, they can block it at the profile level. The restriction is enforced automatically, regardless of how the guest tries to add a key.
How many devices can the key be on at once?
Both Apple and Google set their own platform limits, and the hotel also configures its own device limits on top of that. This prevents a key from being active on more devices than the hotel allows at any one time.
🗒️ Note: Device limits vary by hotel. If you try to add your key to a new device and it doesn't work, you may have reached your hotel's limit. Contact the front desk if you need help.
Key sharing
Apple Wallet supports secure key sharing. You can share your room key with travel companions directly from the Wallet app. Protections include:
Shared keys can be protected with a PIN (share the PIN separately for extra security).
Recipients cannot re-share the key — only you can initiate sharing.
You can revoke any shared key at any time.
Shared keys automatically expire at checkout and update if your stay is extended.
No personal information is shared with recipients.
Google Wallet does not currently support key sharing. Other guests in your party will need their own key or a physical keycard.
Your privacy
Neither Apple nor Google tracks when or where you use your room key. The key is processed locally on your device. Your movements through the hotel are not shared with or stored by Apple or Google.
Common Questions
Q: Can someone clone or copy my digital key?
A: No. Unlike a physical keycard (which can be scanned and cloned with off-the-shelf equipment), digital keys use cryptographic technology that binds them to your specific device. They cannot be copied or transferred to another device without your action.
Q: What happens to my key at checkout?
A: Your key automatically expires at your checkout time. Shared keys expire at the same time. If your stay is extended, your key (and any shared keys) updates automatically.
Q: Does the hotel know where I am when I use my key?
A: The hotel's lock system records door access events (which door, what time) in the same way it would for a physical keycard. However, neither Apple nor Google tracks or shares your location or movements with the hotel.
Q: Is a digital key safer than a physical keycard?
A: Yes, in most measurable ways:
| Physical Keycard | Digital Key |
Tied to a verified identity | No | Yes |
Can be handed to a stranger at reception | Yes | No |
Can be remotely revoked | No | Yes |
Can be suspended without full revocation | No | Yes |
Works after battery dies | N/A | Yes (Apple only, 5 hrs) |
Key usage tracked by platform | N/A | No — not tracked by Apple or Google |
Updates automatically on room change | No | Yes |
