And their Java applet stops password managers such as LastPass, 1Password etc from working, and you cannot even copy/paste into its input fields.
I have nothing against Java or the JVM, but applets that require "full access" to your computer just to sign you in is pretty backwards. To be honest, I don't trust their code to behave on my computer, but if I don't give their applet full access, I cannot use my bank online..
I have no idea why they decided to go this route, and why it's not just a 5 minute javascript job to actually fix it.
I don't know how often you need to connect to your online bank : I do it once per week or so...
You could boot a Live Linux CD / DVD / memory stick. Either a Live Linux CD / DVD which already has Java or add it yourself to the Live CD or keep the Java install file on a memory stick. Java can be installed without being root on Linux, which is great and the installation process, once you have the install file, is very very fast (a few seconds). You could then connect to your bank's website (and only to that one) and be quite safe.
Of course it's not for the faint of hearth...
But that way you don't need to trust their code to behave well: you're basically booting a read-only Live CD with zero information about you on it. And you don't have to fear Java applets exploits from other sites (because you use that Live CD to go only to your bank's website).
I access my online bank from a Live Linux distro (Java applets aren't needed here but the principle is the same: by booting from a "read-only OS" and which I use only for online banking, the risk of being pirated are pretty small).
I have nothing against Java or the JVM, but applets that require "full access" to your computer just to sign you in is pretty backwards. To be honest, I don't trust their code to behave on my computer, but if I don't give their applet full access, I cannot use my bank online..
I have no idea why they decided to go this route, and why it's not just a 5 minute javascript job to actually fix it.