Bruce Scheiner said this many many times: it is the transactions that needs to be authenticated, not the client. This is what credit card companies do (sometimes overzealously). The transactions mentioned in the article sound very unusual, a trivial authentication mechanism would have caught them.
The judge is right, since he rules by looking at current laws, but the current laws themselves seem out of date.
The judge is right, since he rules by looking at current laws, but the current laws themselves seem out of date.