Safepay

JohnE

I have Swedbank and they use java and a key generator to login, but it does not work when I use Safepay,

Safepay does not allow to use java. How can I get around this

camarie

I have Swedbank and they use java and a key generator to login, but it does not work when I use Safepay,

Safepay does not allow to use java. How can I get around this

Hello, Cristian Amarie here, lead developer, Safepay.

At this time the only plugin allowed is Flash due to its overwhelming usage (frankly I don't understand why internet banking should use *anything* else than https, but that's another story...)

Regarding Java, it is not allowed at this time. There was also another bank (I think Banco do Brasil) which also uses Java, which led to the conclusion that besides Flash we won't let any plugin.

But since I see that Java is used in more than one occasion, I'm starting to believe that it could be useful to let users (maybe not automatically, but on demand...) to use also Java applet plugin.

How do you think it would be better from your point of view? Ask you every time if you navigate to an URL which needs Java, or configure in Settings if you allow Java or not? (Or maybe a combination, allow Java *only* for certain domains, perhaps?)

Looking forward for your feedback and I will discuss this with product manager.

Regards,

Cristian

JohnE

Hello, Cristian Amarie here, lead developer, Safepay.

At this time the only plugin allowed is Flash due to its overwhelming usage (frankly I don't understand why internet banking should use *anything* else than https, but that's another story...)

Regarding Java, it is not allowed at this time. There was also another bank (I think Banco do Brasil) which also uses Java, which led to the conclusion that besides Flash we won't let any plugin.

But since I see that Java is used in more than one occasion, I'm starting to believe that it could be useful to let users (maybe not automatically, but on demand...) to use also Java applet plugin.

How do you think it would be better from your point of view? Ask you every time if you navigate to an URL which needs Java, or configure in Settings if you allow Java or not? (Or maybe a combination, allow Java *only* for certain domains, perhaps?)

Looking forward for your feedback and I will discuss this with product manager.

Regards,

Cristian

Hello Christian

The bank is on https but they run a java aplet to verify your identity and to generate a key. This is Danish banking and it's silly, but the government has decided to use Nem-ID. Here is a link on Nem-ID

As it is now, I use Comodo IceDragon browser for home banking because of the secure DNS server and java permission each time, by default is java blocket

I can easily live with giving java permission every time, my confidence in Oracle is not so great and they take users as hostages. I read this article the other day Security researcher experiments with patching Java

sincerely

Jerik

camarie

Hello Christian

The bank is on https but they run a java aplet to verify your identity and to generate a key. This is Danish banking and it's silly, but the government has decided to use Nem-ID. Here is a link on Nem-ID

As it is now, I use Comodo IceDragon browser for home banking because of the secure DNS server and java permission each time, by default is java blocket

I can easily live with giving java permission every time, my confidence in Oracle is not so great and they take users as hostages. I read this article the other day Security researcher experiments with patching Java

sincerely

Jerik

I have already sent last night the email to PM.

Probably I will get a reply on Monday and we'll decide how it's the better way since Java applet is a necessary evil, it seems.

Regards,

Cristian