Business Standard

Securing Aadhaar: Letter to BS on UIDAI introduces 16-digit 'Virtual ID'

Most Indian banks' Android apps were affected by malware for the purpose of stealing user credentials

Business Standard 

With reference to “UIDAI introduces 16-digit 'Virtual ID', limited KYC for holders” (January 11), The Tribune report has clearly set the cat amongst the pigeons. is absolutely right when it says that there is no breach but prima facie it appears that some user credentials have been compromised or misused. This is a worrying development and highlights multiple issues. Indians are privacy averse — WhatsApp alone generates reams of data and there are credible reports on how unknown entities can easily monitor group conversations despite “end to end encryption”. Likewise, generation of virtual tokens sounds good in theory but will require massive uptime of resources. Not all users are adept in that.

Most users aren’t even aware of two factor authentication. Indian banks rely only on the most insecure form of two factor authentication — the generation of OTPs via SMS. We require a hardware-based tokenisation system that generates random passwords every 30 seconds or some form of YubiKeys. Existing solutions work well but banks and now the database are only coded to get things going. Most Indian banks’ Android apps were affected by malware for the purpose of stealing user credentials. Credible reports have appeared that clearly show how the app uses insecure methods to generate passwords or “secure itself”. A culture of privacy needs to be built from ground up. Removing WhatsApp and Facebook is the first step. Barring them from using UPI is another. The needs to adopt more open protocols — if they are the custodians of our identities, they need to be made more accountable. Instead, they are silencing their critics by misuse of legal provisions.

Abhishek Puri, Mohali


Letters can be mailed, faxed or e-mailed to:

The Editor, Business Standard

Nehru House, 4 Bahadur Shah Zafar Marg

New Delhi 110 002

Fax: (011) 23720201 • E-mail: letters@bsmail.in

All letters must have a postal address and telephone number

First Published: Thu, January 11 2018. 22:33 IST