Securing Aadhaar: Letter to BS on UIDAI introduces 16-digit 'Virtual ID'

Most Indian banks' Android apps were affected by malware for the purpose of stealing user credentials

Business Standard
Last Updated : Jan 11 2018 | 11:07 PM IST
With reference to “UIDAI introduces 16-digit 'Virtual ID', limited KYC for Aadhaar holders” (January 11), The Tribune report has clearly set the cat amongst the pigeons. UIDAI is absolutely right when it says that there is no Aadhaar breach but prima facie it appears that some user credentials have been compromised or misused. This is a worrying development and highlights multiple issues. Indians are privacy averse — WhatsApp alone generates reams of data and there are credible reports on how unknown entities can easily monitor group conversations despite “end to end encryption”. Likewise, generation of virtual tokens sounds good in theory but will require massive uptime of resources. Not all users are adept in that. 

Most users aren’t even aware of two-factor authentication. Indian banks rely only on the most insecure form of two-factor authentication — the generation of OTPs via SMS. We require a hardware-based tokenisation system that generates random passwords every 30 seconds or some form of YubiKeys. Existing solutions work well but banks and now the Aadhaar database are only coded to get things going. Most Indian banks’ Android apps were affected by malware for the purpose of stealing user credentials. Credible reports have appeared that clearly show how the Aadhaar app uses insecure methods to generate passwords or “secure itself”. A culture of privacy needs to be built from the ground up. Removing WhatsApp and Facebook is the first step. Barring them from using UPI is another. The UIDAI needs to adopt more open protocols — if they are the custodians of our identities, they need to be made more accountable. Instead, they are silencing their critics by misuse of legal provisions.

Abhishek Puri, Mohali
