The Unique Identification Authority of India (UIDAI) has decided to enable face recognition as a means of biometric verification for Aadhaar, in addition to fingerprint and iris scans, from July 1.
The move is meant to facilitate the authentication of those who are unable to verify biometrically due to their worn-out fingerprints, old age or hard work conditions. However, the facility will be allowed on a need basis and can be used only in “fusion mode”, which means people can use it only along with other existing means of authentication.
“The face authentication provides additional option for all residents to have inclusive authentication,” the UIDAI said in a statement.
According to the UIDAI, the authentication user agencies (AUAs) shall be required to ensure inclusive authentication when a single modality is not working for specific residents. In such cases, applications need to enable the face capture service in addition to fingerprint and iris scans, and one-time password (OTP).
Allowing face recognition is the latest step by the UIDAI to ease the Aadhaar system and address concerns regarding privacy. Last week, the authority had allowed the use of virtual IDs, which can be created anytime by Aadhaar holders. Virtual IDs will allow people not to share their Aadhaar number with authorities in the case of verification. Starting March 1, users will have the option to generate their 16-digit virtual ID, and from June 1, it would be compulsory for all agencies that undertake authentication to accept the virtual ID from users.
Experts believe that lack of enough cybersecurity measures at Aadhaar could have been the reason behind the data leak. However, the UIDAI has maintained that till now, nobody has managed to touch the biometric details.
While facial recognition as a layer of authentication of Aadhaar can work as an enhanced security layer is yet to be seen, it is still not considered a very mature technology the world over.
Apple has invested heavily to develop infrared-based specialised hardware to capture the 3D image of a person’s face after a group of cybersecurity researchers, in November last year, claimed to have cracked the consumer technology giant’s facial recognition technology using a mask made with a 3D printer, silicone and paper tape.
“Two-factor authentication is good, but face is a bad factor for authentication,” said Ankush Johar, director at Infosec Ventures, a firm that provides infrastructure security solutions for commercial and government organisations. “Although adding an extra layer of security for Aadhar holders seems to be a good initiative, adding facial recognition might not do much good. Not only it isn’t too difficult to replicate as compared to other biometrics, but also the major problem lies in the source of the images used as the authentication mechanism.”
The photographs captured nearly half a decade back with an extremely low resolution camera stood hardly any chance given that hackers were able to bypass even the 3D face model recognition developed by one of the biggest tech pioneers, he added.
Regarding face authentication, the UIDAI will work with biometric device providers to integrate face modality into the certified registered devices and also provide standalone registered device service as required by the ecosystem.
Till now, over 1.19 billion Aadhaars have been generated and the government is making the unique number mandatory for a host of social security schemes like direct benefit transfer. Also, Aadhaar has to be linked to PAN card, bank accounts and mobile numbers.
However, the Supreme Court has extended the deadline to March 31 to link Aadhaar with bank accounts and mobile numbers.