Recently I visited “CM Ziekenfonds” website where foreseen the user authentication using Belgian eid card. During login, the popup window appears with request to allow Java applet run in unsafe mode:
Thus, for secure login I have to lower security settings for Java, knowing that in general the usage of Java applets is not secure at all.
Most of the official Belgian eid cards software is written in Java. The only way for using eid card in the browser is via Java applet. Nowadays, when most of the people using smartphones and tables for browsing Internet this solution becomes really not acceptable.
There is another alternative solution which becomes more and more popular – Itsme: https://www.itsme.be/en. This solution replaces eid card login with smartphone app.
Unfortunately, it doesn’t solve the problem of eid card usage, when it’s really needed, for example for qualified signature of PDF documents.