This may sound crazy, but I have an idea which would enable secure access to the Internet via a dedicated portal and a dedicated hardware box. The SecureBox would be built around open source hardware, firmware and software. I propose that authorised organisations such as banks, insurance companies and government agencies would utilise this portal. The portal's sole function would be to verify the authenticity of particular URLs belonging to these vetted organisations. The SecureBox would submit a URL to the portal and would reject any URL that is not authorised by it. The portal would also provide firmware updates for the SecureBox.
I envisage that the SecureBox would function like a personal ATM machine. It would have no connection to the external world other than a credit card slot, an Ethernet port and Wi-Fi. No USB port, no SD card slot. Each authorised organisation would have a dedicated area of their web site with a minimalist interface akin to telephone banking over a landline. It would be no more complicated than a DOS-style BBS of 30 years ago. No JavaScript, frames, popups, etc., just plain HTML. Ideally the box would execute code from flash memory. It would have a very minimal digital display and a rudimentary keyboard or touchpad. Receipts for the session could be sent to a specified email address. This address need not be stored in the box but could be stored on the web site of the bank, insurance company, etc. I envisage that credit cards, a Medicare card, driver's licence, pension card, et cetera could be used to initiate a session, although this would not be mandatory.
The idea behind this box is to protect users from themselves. That is, this box could not be penetrated by malware such as keyloggers that could steal passwords. The portal would act like a firewall to prevent users from visiting unauthorised URLs, whether intentionally or unintentionally. The portal could be maintained by a central authority such as the Signals Directorate (in Australia). All communications would be encrypted. No traffic would pass through the portal or be recorded by it other than requests to verify authorised URLs. At the end of each session the RAM is cleared and the SecureBox rebooted and reset.
If users opt for this hardware solution, banks would be more inclined to accept responsibility for losses due to fraud. At the moment the Australian government is disinclined to force the banks to accept responsibility via legislation.
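One way the box-side URL check described above could look, as an added example that is not part of the original post: it fails closed on anything that could make the host or path ambiguous before consulting the list. The allowlist format (host mapped to a dedicated path prefix), the `.example` hostnames and the name `check_url` are assumptions; in the proposal the list would come from the portal.

```python
from urllib.parse import urlsplit

# Constructed sample of a portal answer (assumed format):
# authorised host -> the organisation's dedicated path prefix.
AUTHORISED = {
    "bank.example": "/securebox/",
    "medicare.example": "/securebox/",
}

def check_url(url, authorised=AUTHORISED):
    """Return (allowed, reason). Anything unusual is rejected, not repaired."""
    # Control characters, spaces, non-ASCII (look-alike letters) and
    # backslashes are parsed differently by different clients: refuse them.
    if "\\" in url or any(ord(c) <= 0x20 or ord(c) > 0x7E for c in url):
        return False, "illegal character"
    try:
        parts = urlsplit(url)
        port = parts.port          # raises ValueError on a malformed port
    except ValueError:
        return False, "unparseable URL"
    if parts.scheme != "https":    # all communications must be encrypted
        return False, "scheme is not https"
    # "https://bank.example@other.example/" really points at other.example.
    if parts.username is not None or parts.password is not None:
        return False, "userinfo present"
    if port not in (None, 443):
        return False, "non-default port"
    host = parts.hostname or ""    # urlsplit lower-cases the host
    prefix = authorised.get(host)  # exact match only, no suffix matching
    if prefix is None:
        return False, "host not authorised"
    # Plain-HTML sites have no need for encoded or relative path segments,
    # so reject them instead of trying to normalise.
    path = parts.path
    if "%" in path or any(seg in (".", "..") for seg in path.split("/")):
        return False, "encoded or dot-segment path"
    if not path.startswith(prefix):
        return False, "outside dedicated area"
    return True, "authorised"

if __name__ == "__main__":
    for u in ("https://bank.example/securebox/login",
              "https://bank.example@other.example/securebox/",
              "https://bank.example/securebox/../transfer"):
        print(u, "->", check_url(u))
```

Rejecting odd input outright, rather than normalising it first, keeps the box and the organisation's web server from disagreeing about which host and path a URL names.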