I'm developing a Chrome extension that will automate the bank login process. Basically, the client has various bank accounts and wants it to login automatically when he selects one of them.
I'm not sure what the safest technique to get the password is. It may be Google Authenticator, in which the client enters a code every 4-24 hours. Alternatively, you can use any other token-based approach to access API.
My extension is already ready, and I'm currently reading data from a static JSON file, but we want to establish an API to manage it safely.