Evry, the consultancy which developed and runs BankID, is largely owned by the public (The Postal Service: 40%, Telenor: 30%, of which the latter is 53% state-owned: http://www.purehelp.no/company/owner_network/evryasa/9343824...). BankID is in fact used to sign all(#) internet banking transactions by regular, private end users of online banking services.
The problem isn't the extra click - two factor authentication with a one-time pad is an excellent extra security measure. The problem is that the implementation sucks and is riddled with security holes, prompting you to update Java every other time you log into your online bank account. This in addition to incredibly slow loading and also outright crashes if you are using a non-standard (i.e. not latest version of IE) browser. It is a giant, steaming pile of crappy software. We can't switch to a Javascript version fast enough.
(#) Except for those customers who have not yet been pushed into BankID, which is the selected standard for online banking. And obviously not for intra-bank and similar transactions.
The problem isn't the extra click - two factor authentication with a one-time pad is an excellent extra security measure. The problem is that the implementation sucks and is riddled with security holes, prompting you to update Java every other time you log into your online bank account. This in addition to incredibly slow loading and also outright crashes if you are using a non-standard (i.e. not latest version of IE) browser. It is a giant, steaming pile of crappy software. We can't switch to a Javascript version fast enough.
(#) Except for those customers who have not yet been pushed into BankID, which is the selected standard for online banking. And obviously not for intra-bank and similar transactions.