On Sun, Aug 30, 2015 at 11:37 AM, Tim Guan-tin Chien <timdr...@mozilla.com> wrote: > Indeed, banks in Taiwan are slowly rolling out OTA based > authentications primary mobile app banking users, despite 100% of the > ATM cards are already smart cards (required by legal mandate against > forgery since 2006) and you can already access back accounts from > "WebATM" websites & smart card readers with -- again, ActiveX or Java > plug-in. > > I can't argue if either is securer or "better" compare to another, but > it's important to acknowledge we cannot change the banking industry or > government IT service industry over night by refusing providing > solutions.
Well, if they're using ActiveX or Java (both seem rather terrible from a security perspective, but okay), it seems they're not using <keygen> either, so that solution was probably not sufficient either way. I agree there needs to be a solution of sorts, but it might take a while until we figure something out that works for the web and world at large. -- https://annevankesteren.nl/ _______________________________________________ dev-platform mailing list dev-platform@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-platform
