Safepay

I have Swedbank and they use java and a key generator to login, but it does not work when I use Safepay,


Safepay does not allow to use java. How can I get around this

Comments

  • camarie
    camarie Principal Software Developer BD Staff
    I have Swedbank and they use java and a key generator to login, but it does not work when I use Safepay,


    Safepay does not allow to use java. How can I get around this


    Hello, Cristian Amarie here, lead developer, Safepay.


    At this time the only plugin allowed is Flash due to its overwhelming usage (frankly I don't understand why internet banking should use *anything* else than https, but that's another story...)


    Regarding Java, it is not allowed at this time. There was also another bank (I think Banco do Brasil) which also uses Java, which led to the conclusion that besides Flash we won't let any plugin.


    But since I see that Java is used in more than one occasion, I'm starting to believe that it could be useful to let users (maybe not automatically, but on demand...) to use also Java applet plugin.


    How do you think it would be better from your point of view? Ask you every time if you navigate to an URL which needs Java, or configure in Settings if you allow Java or not? (Or maybe a combination, allow Java *only* for certain domains, perhaps?)


    Looking forward for your feedback and I will discuss this with product manager.


    Regards,


    Cristian

  • Hello, Cristian Amarie here, lead developer, Safepay.


    At this time the only plugin allowed is Flash due to its overwhelming usage (frankly I don't understand why internet banking should use *anything* else than https, but that's another story...)


    Regarding Java, it is not allowed at this time. There was also another bank (I think Banco do Brasil) which also uses Java, which led to the conclusion that besides Flash we won't let any plugin.


    But since I see that Java is used in more than one occasion, I'm starting to believe that it could be useful to let users (maybe not automatically, but on demand...) to use also Java applet plugin.


    How do you think it would be better from your point of view? Ask you every time if you navigate to an URL which needs Java, or configure in Settings if you allow Java or not? (Or maybe a combination, allow Java *only* for certain domains, perhaps?)


    Looking forward for your feedback and I will discuss this with product manager.


    Regards,


    Cristian


    Hello Christian


    The bank is on https but they run a java aplet to verify your identity and to generate a key. This is Danish banking and it's silly, but the government has decided to use Nem-ID. Here is a link on Nem-ID


    As it is now, I use Comodo IceDragon browser for home banking because of the secure DNS server and java permission each time, by default is java blocket


    I can easily live with giving java permission every time, my confidence in Oracle is not so great and they take users as hostages. I read this article the other day Security researcher experiments with patching Java


    sincerely


    Jerik

  • camarie
    camarie Principal Software Developer BD Staff
    Hello Christian


    The bank is on https but they run a java aplet to verify your identity and to generate a key. This is Danish banking and it's silly, but the government has decided to use Nem-ID. Here is a link on Nem-ID


    As it is now, I use Comodo IceDragon browser for home banking because of the secure DNS server and java permission each time, by default is java blocket


    I can easily live with giving java permission every time, my confidence in Oracle is not so great and they take users as hostages. I read this article the other day Security researcher experiments with patching Java


    sincerely


    Jerik


    I have already sent last night the email to PM.


    Probably I will get a reply on Monday and we'll decide how it's the better way since Java applet is a necessary evil, it seems.


    Regards,


    Cristian