RailOne vs Indian Railway Catering and Tourism Corporation: New App’s Security Feature Under Scanner

The RailOne app, designed for booking train tickets, was introduced as an alternative to the Indian Railway Catering and Tourism Corporation (IRCTC). This app allows both reserved and unreserved tickets to be booked. Despite the numerous features provided by the app, one major drawback was noted: the lack of prior notification regarding the expiration of the password.

Normally, banking and financial apps begin sending reminders 7-10 days before the password expires. However, the feature is not included in the RailOne app, and the user finds out that the password is no longer valid when they try to log in, which can be a major security threat, especially when the user wants to perform a time-sensitive operation such as booking a ticket.

The RailOne application utilizes a 6-digit mPIN for daily logins. It is seen that users forget their primary alphanumeric password after using the mPIN for some time. When the app suddenly asks for the primary password, the only option left is to use the forgotten password, which in itself has become a cumbersome process.

Resetting passwords takes 15 to 20 minutes for the OTP to arrive on their mobile or email. Technical experts believe that a lack of coordination between the app's authentication server and the user interface causes the app to hang or become unresponsive.

The festival of Holi is approaching. Imagine if you want to book an instant ticket during this time, and then the app asks you to reset your password, a 20-minute delay could result in someone else receiving your seat. On routes like UP-Bihar, where seats fill up in seconds, this glitch is like missing a train for passengers.

Experts suggest that the RailOne app should include push notifications for biometric login (fingerprint or face ID) or before password expiration. Furthermore, the OTP delivery system needs to be further accelerated to avoid wasting valuable user time.