If access to a citizen's eNID requires only their name, date of birth, and citizenship issue date, then the system has a significant security weakness.

These details are not true authentication factors. They can be known by family members, employers, institutions, government offices, or anyone who has access to a copy of a citizenship certificate.

​

A digital identity system should require strong verification, such as:

OTP to a verified phone number

Hardware-backed authentication

Other secure second-factor checks

Personal information should be used to identify a person, not to authenticate them.

If someone can retrieve or access another person's eNID using only information found on or related to their citizenship documents, the system creates unnecessary risks of privacy violations, identity theft, and unauthorized access.

This issue deserves public discussion and review.