Centralised identity systems do not become targets by accident.
They are targeted precisely because of their nature.
Systems that centralise high-value personal data create irresistible incentives. Names, birth dates, addresses, biometrics, credentials, and links to services are not just for verification; they are assets. Their value draws attention, pressure, and eventual exploitation.
This risk is built into their architecture.
It does not depend on poor security practices or malicious intent. Even well-funded, competently managed systems deal with the same reality. Over time, the incentives to attack, misuse, or repurpose a centralised identity system grow, while the assumptions on which it was built slowly decay. Threat models change. Vendors rotate. Governance weakens. The system remains, but its context does not.
Centralisation concentrates failure. Distributed system failures are limited in impact, but a centralised identity system's failure can affect millions. One breach can expose data that cannot be revoked, replaced, or truly recovered.
Identity data behaves differently from other assets. It persists, links, and follows individuals across systems over time. A compromised identity surfaces in new contexts long after it was collected.
There is also a second, quieter reason centralised identity becomes a target: expansion.
Identity systems rarely stay limited to their original purpose. A database for one service often becomes useful to others. Integration is called efficiency; reuse, optimisation. Over time, identity infrastructure underpins enforcement, eligibility, monitoring, and control.
Each expansion increases both the system's value and the incentive to exploit it.
Targeting is not only external. Internal misuse, unauthorised access, political pressure, and mission creep all become easier with centralised identity. As the system grows more critical, its scope becomes harder to challenge or reverse.
This is why asking whether a centralised identity system can be secured misses the point. The more relevant question is whether it should exist in a form that concentrates so much risk in the first place.
Resilient systems assume failure and limit its consequences. Fragile ones assume perfect security and perpetual restraint.
Centralised identity becomes a target because it invites risk. By combining power, data, and dependency, it ensures that when failure comes, the impact is severe.
If we want identity systems that last, our primary goal should be to reduce the risk and incentive to attack them. The main takeaway is that resilient identity systems are intended to reduce centralization, making them less enticing targets in the first place.
Minimise data, distribute trust, and contain harm when things go wrong.
Identity infrastructure fails not from misuse, but from designs that make misuse inevitable.