Digital identity reuse: can privacy and security actually coexist?


(@nhi-mgmt-group)
Member Moderator
Joined: 1 year ago
Posts: 6713
Topic starter  

TL;DR: Digital identity programmes are expanding worldwide, but the article argues that reusable credentials still face unresolved trade-offs between privacy, security, and accessibility, especially as exposed credentials and system vulnerabilities keep surfacing, according to Sumsub. The governing problem is not whether digital ID is useful, but whether identity assurance can remain trustworthy once reuse, leakage, and cross-system dependence scale.

NHIMG editorial — based on content published by Sumsub: ID Future: Reusable, Secure, Real?

Questions worth separating out

Q: How should organisations govern reusable digital identity without weakening assurance?

A: Organisations should treat reusable digital identity as a governed trust chain, not a standalone convenience layer.

Q: Why do leaked credentials matter more in reusable identity systems?

A: Leaked credentials matter more because they can be reused across services or relied on by multiple parties, multiplying the impact of a single compromise.

Q: What breaks when recovery is easier than primary authentication?

A: When recovery is easier than primary authentication, attackers target the reset path instead of the login path.

Practitioner guidance

  • Map the recovery path before scaling reuse: Document every password reset, account recovery, and fallback identity verification path, then test whether it is easier to abuse than the primary login flow.
  • Separate reusable attributes from contextual attributes: Define which identity claims can travel across services and which must stay bound to a single relying party, jurisdiction, or assurance event.
  • Extend governance to identity proofing and revocation: Make sure enrollment evidence, credential issuance, revocation, and recovery are visible in the same governance process as authentication and access review.

What's in the full article

Sumsub's full video podcast covers the operational detail this post intentionally leaves for the source:

  • The speakers’ discussion of how national digital ID systems are being designed and where the current trust model is under pressure.
  • Specific examples of exposed vulnerabilities and leaked credentials mentioned in the episode, including how they affect user trust.
  • The panel’s reasoning on how privacy, security, and accessibility can be balanced without collapsing assurance.
  • The broader podcast context around digital identity, fraud prevention, and compliance media coverage.

👉 Read Sumsub's podcast episode on reusable digital identity and trust →
