That's interesting. I didn't know any other country in East Asia that showed this level of restrictive policy that sets up a cascade of problematic tooling and technologies.
Japanese Internet was pretty bad in the 2010s, but this was all self-inflicted, done by the private sector. The government had very little to do with it. And even then, ActiveX controls were very rare. My main pain point with online banking was ugly sites, back buttons that don't work and passwords limited to 8 or 12 characters "for security reasons". But those problems are not specific to Japanese or Asian banking sites. The only Japan-specific woes I can think of are frequent maintenance windows where most banking functionality is down (mostly eliminated on my bank) and weird 2FA methods like Security Cards (just a paper card with a table of codes for challenges, also completely gone now).
It makes sense in a way.
Would you rather take your chances as one in one million customers getting his "hunter2" password brute-forced by a dedicated attack or as one of the one million customers totally pwned by a buffer overflow/code injection from the password field?
The paper card 2FA seems better than SMS 2FA or an app 2FA if you're relatively sure your physical security is good.
The card shouldn't cost money, or could cost 50 yen, which would be more than enough to cover printing it.
You're not vulnerable to SMS interception or phone malware. You're also not forced into Google's or Apple's walled gardens.