Ok, but how is your phone authenticated as belonging to you? If you use a pin that is locally stored and not calling to a server somewhere, you kill the device resale market and introduce obsolescence into all such devices. If your device is using this master authenticator pin to access all your other services, the device needs to be uniquely yours.I think you're over simplifying my post...Or I accidentally oversimplified by mentioning all the various pieces where password and privacy and security intersect.
Password...Replace with my phone or other token and an authenticator pin process tomorrow. No state needed.
Google account info, or anything other service, etc. Move to encrypted credentials that only allow the yes or no. Drop password as above and stop handing entire profiles over. Instead only answer yes or no. Stop storing my info on a myriad of internet servers. Store that info on my phone or other token device. No state. No central holding of my data needed more than now. In fact would only need to pass that info as needed.
Replace my current state ID or passport with encrypted data that only responds "yes citizen" or "yes > 18" for the various needs. Provide address when I need to provide address. Provide only phone when I need to give phone.
None of that is different than now. It simply means I don't have a human readable card to lose and I stop providing excessive information everywhere in my real life. This is just tangential to my comments about the over sharing above in my virtual life. Though, this ID naturally could allow me to move to online voting? Registering vehicle? I dunno. All kinds of stuff I hand an insecure picture ID for right now.
Also, in order for these services to authenticate you, there needs to be some exchange of data and they need verifying information or their services wouldn't be very secure. In fact they'd be much more vulnerable to exploits lacking any server side authentication process. The binary yes/no question is pretty much how authentication already works except the question it's asking is yes/PW rather than yes to a bunch of other questions.
The more low tech ID card is actually much safer in general. I do agree though that making state IDs machine readable makes them less secure. I would say any system that requires establishment or verification of identity is always going to be a require a database somewhere, even if only at the point of activation. Realistically for what you're describing, the state still ends up either being the centralized authenticator or the activator.