Temporary 16-Digit Virtual ID To Secure Aadhaar Data Privacy: 10 Points

Temporary 16-Digit Virtual ID To Secure Aadhaar Data Privacy: 10 Points is an explainer published by NDTV on 10 January 2018, written by Aloke Tikku. The article reports on UIDAI’s decision to let Aadhaar holders authenticate themselves using a randomly generated 16-digit Virtual ID instead of their Aadhaar number, in response to heightened privacy concerns after a media investigation into unauthorised database access. It also sets out a 10-point rollout roadmap and notes that researchers such as Sunil Abraham had long advocated such tokenisation to reduce over-collection and storage of Aadhaar numbers by user agencies.

Contents

  1. Article Details
  2. Full Text
  3. Context and Background
  4. External Link

Article Details

📰 Published in:
NDTV
✍️ Author:
Aloke Tikku (Editor)
📅 Date:
10 January 2018
📄 Type:
Explainer
📰 Section:
All India
📰 Newspaper Link:
Read Online

Full Text

New Delhi: People can share a randomly-generated 16-digit temporary number instead of their Aadhaar number starting from March-end to authenticate their identity for various services. The UIDAI - the authority that runs the government's Aadhaar programme - said today the initiative, which is aimed at minimising instances of leak and misuse of Aadhaar numbers, would enhance privacy of the 119 crore people issued the identification number. The UIDAI, which had been working on the "Virtual ID" for months, made the announcement at a time privacy concerns around Aadhaar peaked after a newspaper expose on unauthorised access of its database earlier this month.

Here are the 10 points on this story:

1
The UIDAI will release the necessary software by 1 March. All agencies that are registered to authenticate identities are required to start shifting to the new system by 28 March. By 1 June, all these agencies have to fully migrate to the new system or risk losing their registration and fines.
2
Once the new system kicks in, people will be able to generate their Virtual ID from the website run by the Unique Identification Authority or UIDAI, Aadhaar enrolment centre and the Aadhaar application on their mobile phone. This will be a 16-digit number and will be valid only for a limited duration.
3
This 16-digit number can be provided by people for various services, say at airline or railway counters once it is made mandatory, instead of revealing their Aadhaar number. This 16-digit number will be transmitted to Aadhaar servers which will link the token to the individual's Aadhaar number and confirm the person's identity.
4
If a person forgets the Virtual ID number issued, he or she can retrieve the number or generate a new one. The older ID gets automatically cancelled once a fresh one is generated.
5
The announcement comes amid privacy concerns after a newspaper bought login credentials to access details of individuals by feeding the Aadhaar number.
6
In a rare move, Wednesday's circular recognised concerns around multiple agencies storing Aadhaar number of their customers. "While it is important to ensure that Aadhaar number holders can use their identity information to avail many products and services, the collection and storage of Aadhaar numbers by various entities has heightened privacy concerns," the order said.
7
In this context, the Unique Identification Authority, or UIDAI, decided to restrict most private firms from retaining Aadhaar numbers of their customers or others.
8
The Aadhaar authority has introduced the concept of global authentication agencies, mostly government bodies, which will have access to e-Know Your Customer (e-KYC) information about people who avail their services. They can store Aadhaar number in their system.
9
Every other agency would be classified as local authentication agency and would be prohibited from storing Aadhaar numbers in their database.
10
This is an important shift in the UIDAI's approach. Non-government technology research groups such as Centre for Internet and Society's executive director Sunil Abraham, who had been pushing for introducing Virtual IDs, had faulted the UIDAI architecture for being too trusting of the KYC user agencies and called for safeguards.

Back to Top ⇧

Context and Background

This explainer marked a moment when UIDAI tried to contain growing criticism that Aadhaar’s architecture exposed people to unnecessary privacy risks by allowing widespread storage of their core identifier. Instead of altering the central database, the authority proposed a tokenisation layer, asking users to present short-lived Virtual IDs so that most agencies no longer needed to handle or keep Aadhaar numbers directly.

By distinguishing between “global authentication agencies” that could still store Aadhaar numbers and “local” agencies confined to tokens, the circular tacitly acknowledged that earlier policies had been too permissive about KYC entities keeping permanent identifiers. Civil society organisations such as the Centre for Internet and Society, which had long argued that the system trusted user agencies far too much, treated the change as partial vindication yet warned that effective protection would depend on strict enforcement and real limits on retention and reuse.

📄 This page was created on 22 December 2025. You can view its history on GitHub, preview the fileTip: Press Alt+Shift+G, or inspect the .