I’ve seen two new things that the Indian govt started recently, and I have a small concern about one and a personal concern about the other.
1. Attendance.gov.in
2. EPFO’s UAN
Attendance.gov.in sounds awesome, as the government is planning to connect the biometric attendance systems of govt offices and show the attendance of govt employees. As awesome as it sounds, they are showing photos and email addresses of all the registered employees. Obfuscating emails with a mere [at] and [dot] will not stop spamming bots.
EPFO’s story is a completely different one. They’ve started something called UAN (Universal Account Number), one number to deal with all PF transfers etc., of all salaried employees who put their money in PF.
The concern here? No HTTPS. Logins, profile modifications, etc. are all going through plain unencrypted HTTP traffic.
Another one: they sent the password in plain text to the registered mobile when I registered the account. Plain text password sent on mobile + no HTTPS for a service that deals with money of retirals == Big No No.
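One way to check a login page for the cleartext problem described above, as an added example that is not part of the original post. The host `portal.example`, the sample HTML and the sample cookie are constructed for illustration and are not taken from the EPFO site.

```python
from html.parser import HTMLParser
from urllib.parse import urljoin, urlparse


class PasswordFormScanner(HTMLParser):
    """Collect the action of every <form> that contains a password input."""
    def __init__(self):
        super().__init__()
        self.current_action = None  # None while outside any <form>
        self.actions = []

    def handle_starttag(self, tag, attrs):
        attrs = dict(attrs)
        if tag == "form":
            self.current_action = attrs.get("action") or ""
        elif tag == "input" and self.current_action is not None:
            if (attrs.get("type") or "").lower() == "password":
                self.actions.append(self.current_action)

    def handle_endtag(self, tag):
        if tag == "form":
            self.current_action = None


def audit_login_page(page_url, headers, html):
    """Return findings about cleartext handling of credentials and sessions."""
    findings = []
    scanner = PasswordFormScanner()
    scanner.feed(html)
    page_is_https = urlparse(page_url).scheme == "https"
    if scanner.actions and not page_is_https:
        findings.append("password form served over plain HTTP")
    for action in scanner.actions:
        # An empty or relative action inherits the scheme of the page.
        if urlparse(urljoin(page_url, action)).scheme != "https":
            findings.append("password form submits over plain HTTP")
    for name, value in headers:
        if name.lower() == "set-cookie":
            flags = [part.strip().lower() for part in value.split(";")[1:]]
            if "secure" not in flags:
                findings.append("cookie %s set without Secure" % value.split("=")[0])
    return findings


# Constructed sample, not captured from any real site.
SAMPLE_HTML = '<form action="/login" method="post"><input name="user"><input type="password" name="pw"></form>'
SAMPLE_HEADERS = [("Set-Cookie", "SESSION=abc123; Path=/; HttpOnly")]
if __name__ == "__main__":
    print(audit_login_page("http://portal.example/login", SAMPLE_HEADERS, SAMPLE_HTML))
```

An empty list means the password form is both served and submitted over HTTPS and every cookie in the response carries the `Secure` flag.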
I hope our govt starts investing in some security experts at the design stages of such projects to avoid later embarrassments.