How to lock and unlock access to Aadhaar biometrics3 min read . Updated: 04 Jun 2017, 11:43 PM IST
UIDAI allows you to lock your biometrics, so that no one can access your information without your consent
Over the past few months, the government has made it mandatory to have Aadhaar to avail several government benefits, to on-board services like a new mobile connection and even to file tax returns. Alongside the government’s push for these initiatives, some people have also raised concerns about the security of sensitive personal information that they may share when they do biometric authentication using Aadhaar.
It should be noted that while some instances of Aadhaar numbers getting leaked have been reported, so far there has been no report about the biometric data of Aadhaar holders being compromised.
But if you want to be doubly sure, did you know that you can also lock anyone from accessing your biometric data from Aadhaar? This can prevent everyone, including you, from using your fingerprint or iris scan for any authentication. Let’s read more about this.
While enrolling for Aadhaar, you share your biometrics (fingerprints and iris scan), which are stored with the Unique Identification Authority of India (UIDAI). Your Kow Your Customer (KYC) details like name, date of birth and address are also stored with the authority.
Aadhaar-based e-KYC is increasingly being used for services like opening a bank account and getting a new mobile connection. For instance, when you share your Aadhaar number with a telecom company representative, he enters it in the Aadhaar-based authentication system. Next, in order to ensure that access to your KYC details are being granted to the telecom company under your authorization, you have to authenticate yourself using your fingerprint. If the fingerprint scanned at the device matches with the one in the Aadhaar database, it is considered to be an approval from you and your KYC details are shared with the telecom company. This process has eliminated the need for submitting physical documents for such services, thereby eliminating the chances that your identity documents may be misused.
However, there still are issues such as misuse or copying of fingerprints. Therefore, in order to add another layer of security, UIDAI allows you to lock your biometrics, so that no one can access your information without your consent, in the unlikely event that someone is able to replicate your fingerprints.
The biometrics can be locked as well as unlocked. However, this facility can only be accessed online. To do this, you have to go to the Aadhaar services tab on UIDAI’s homepage, and click on the ‘lock/unlock biometrics’ link. This will take you to the page https://resident.uidai.gov.in/biometric-lock. Here you will have to enter your Aadhaar number along with your security code. This code will is generated using a one-time password (OTP), which is sent to your registered mobile number. Use this OTP to login and enter another security key to lock the biometrics.
After you lock your biometrics, you will not be able to complete any biometric-based authentication. But what it also does is that it secures your biometric information from potential misuse.
But what do you do if you have locked your biometrics and want to authenticate an Aadhaar-based KYC at a later time?
For this, you can unlock your biometrics through the same process that is described above. If you have locked your biometrics on Aadhaar, you will get options to either unlock or disable the lock after login.
The unlock option results in temporarily unlocking the biometrics, which leaves it usable for a period of 10 minutes. After 10 minutes, it will automatically get locked again.
With this, you don’t have to remember any complex passwords to use this facility. All that is needed is your Aadhaar number and access to your registered mobile number.
Even if you have locked your biometrics, you can still continue to use Aadhaar-based authentication using the OTP-based authentication procedures. You will continue to receive OTPs on your registered mobile number or email address even when the biometrics are locked.