|
|
|
|
|
|
by kamaal
2844 days ago
|
|
|
No amount of 'security' will help here. That's because every one including the people don't give a dime about 'security' in India. In Aadhar enrollment centers, passwords are shared. You might like to introduce an OTP like concept, but phones are shared too. 2FA? nice try, but then people also share answers to security questions. Next what? DNA authentication? Biometrics? guess what none of those are any where near reliable and they are mostly identity related things and not authentication related things. There is also government policy. Which is lapse. Mostly run by civil servants who understand nothing about technology. IAS is largely a trivia testing exam with focus on things like meeting and group discussion skills. The head of UIDAI recently claimed that data could not have been possible stolen as the data was still in their database :) This is a phenomenal lapse at every level. Software is one thing, but if your people have decided to work around it, its basically all over. |
|
|
We also need to consider the motivations for working around 2FA or any such authentication systems. One is convenience as you've pointed out.
The other, much bigger motivation IMO, is opportunity to make money. As the article points out once enrolment was outsourced (Rs30/enrolment) it was immediately seen a money making venture so a whole bunch of these centres with dubious credentials surfaced. They were entrusted with document verification too so they would happily accept just about any piece of paper as proof of address. Then there was a business of charging desperate people money to create Adhaar account without which they wouldn't get subsidies.
And then they shut down (50,000 or so) these enrolment centres. Did they expect that all those employed at those centres who lost their jobs to not do anything about it!? Of course they would figure out ways to enrol people!!