Microsoft has rolled out its Aadhaar integration on Skype Lite. The integration allows users to verify their identity online, in order to, as per Microsoft, “prevent impersonation fraud”. Here’s how it is supposed to work:
Either party can request Aadhaar verification over a video call using Skype Lite. In order to confirm your identity, you’ll need to click on “Verify Aadhaar identity”, enter your 12-digit Aadhaar number and then authenticate with a one-time password sent via SMS. Once validated, you can choose to share pre-selected Aadhaar information with the other person to confirm your identity.
Microsoft says that the interaction is encrypted, and that Skype will not store any Aadhaar information, and the service will leave a trail regarding the fact that Aadhaar authentication was used in a call, available to both parties on the call.
The Skype Lite app is available in the Lite app has almost all the features from the main app, and is available in Bengali, Gujarati, Hindi, Kannada, Malayalam, Marathi, Odia, Punjabi, Tamil, Telugu and Urdu.
Note that in September last year, Microsoft has demonstrated use cases of Skype authenticating identity using the Aadhaar database. The company had begun working on a pilot to integrate Skype with the Aadhaar database in February last year. At the time, the company was testing if Aadhaar could be used to identify users for video calls with government organisations and institutions, but it seems the company has expanded the scope to include private companies as well.
Nothing special in this authentication mechanism.
Remember that in case of Aadhaar, the Aadhaar Number is the user name, and typically, the fingerprint is the password. The app doesn’t support biometric authentication, and here an OTP is being used as a password.
The process is, thus, as secure or non-secure as an OTP (One Time Password) is: if someones phone, with Skype Lite installed, is stolen/being used by another, authentication is easy. Mobile communications in India is unencrypted, so GSM sniffers can sniff OTPs too. The only difference here is that instead of an email address or a mobile number for two factor authentication, an Aadhaar number is being used.