Crook needs physical access to your phone.It also needs the person to either resemble you to a rather high degree, or for the banker/teller asking him for verification to be actively involved in the scam. The OTP is only valid for a matter of minutes. Access it WHILE they're using it to verify their identity for a fraudulent purpose. And not just access it at some random time. Sure, there are people who don't lock their phones, or tell people their OTPs, but what you're asking for is someone to physically gain access to the phone. There's already way too much security on modern OS's. If they have your biometrics they can empty your bank account.įirstly, "hacking" a phone remotely nowadays is next to impossible for almost anyone short of the NSA. : What if someone hacks your phone and steals the OTP. This way, even if someone has one of these two, (guesswork/theft) it is highly unlikely that they have the other.īut no, this real concern with Aadhaar will be lost among all the retarded posts talking about 'muslim lists', and denial of medical insurance. Something that is private knowledge (a PIN that I set), and access to a device that I own (OTP on my phone). However in my opinion they should have taken it a step further and introduced a second factor of authentication every time that one tries to authenticate with biometrics (possibly through an OTP?). Aadhaar details are never transmitted by UIDAI. People who are saying that data can be leaked are just fear mongering. Penalties for such infractions should be handed out with extreme prejudice.ĮDIT: MODS of /r/india, care to explain why this comment was deleted? It's back. As u/baggum pointed out in the comments for this thread, this is already covered in the Aadhaar bill. However in my opinion they should have taken it a step further and introduced a second factor of authentication every time that one tries to authenticate with biometrics (possibly through an OTP?).Įdit: Secondly there is the issue of govt departments not handling citizen's data with care and publishing data to the internet in plain text. UIDAI has taken a step to correct this issue by allowing the user to lock their biometrics until they want to use them to authenticate somewhere. Now you might be on the hook with no way to prove that the SIM isn't owned by you. Now said person uses that fingerprint to create a JIO sim with your fingerprint and uses said sim to commit a crime. For example, say a criminal stores your fingerprint which you used to authenticate somewhere. You leave finger prints all over the place and there is nothing stopping a company from say storing your fingerprints and reusing at a later date.
The main reason for fear should be that fingerprints are not a fool proof method of authentication. People who are saying that data can be leaked by UIDAI are just fear mongering.
0 kommentar(er)
