
Sign in with a passkey

Formerly known as our biometrics login feature, Sign in with a passkey follows FIDO Authentication specifications. It aligns with changes in web browsers and enables the browser autocomplete feature to make signing in with passkeys even easier for end users, especially on mobile browsers. With passkeys, end users can sign in to Banno Online quickly, easily, and more securely by using their device’s biometric capability or PIN to authenticate themselves in a single step instead of entering a password and completing 2FA. Passkeys protect end users in a variety of ways, including these:

  • Unlike passwords, passkeys cannot be used on their own to authenticate (i.e., passkeys cannot be copied, pasted, or stolen).
  • Passkeys use cryptography and tie the device, end user, and app or website together, so that attackers cannot steal credentials by using phony websites.
  • End users don’t have to remember, update, or manage passwords.
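The site binding described in the list above can be seen in the checks a relying party runs on a passkey sign-in response under the WebAuthn specification. The following is an added example, not Banno's code: the RP ID, origins, and key pair are constructed placeholders, and the browser and authenticator are simulated by a helper function.

```javascript
// Added example; RP_ID, ORIGIN and every sample value are constructed placeholders.
const { createHash, generateKeyPairSync, randomBytes, sign, verify } = require('node:crypto');

const RP_ID = 'online.example-bank.test';
const ORIGIN = `https://${RP_ID}`;
const sha256 = (data) => createHash('sha256').update(data).digest();

// Stand-in for the browser and authenticator. In a real ceremony the browser,
// not the page, writes the origin, and the authenticator writes the RP ID hash.
function makeAssertion(privateKey, challenge, origin, rpId) {
  const clientDataJSON = Buffer.from(JSON.stringify({
    type: 'webauthn.get', challenge: challenge.toString('base64url'), origin,
  }));
  // authenticatorData = rpIdHash (32 bytes) | flags (UP=0x01, UV=0x04) | signCount (4 bytes)
  const authenticatorData = Buffer.concat([sha256(rpId), Buffer.from([0x05]), Buffer.alloc(4)]);
  const signed = Buffer.concat([authenticatorData, sha256(clientDataJSON)]);
  return { clientDataJSON, authenticatorData, signature: sign('sha256', signed, privateKey) };
}

// Server-side checks (a subset of the WebAuthn assertion verification steps).
function verifyAssertion(a, publicKey, expectedChallenge) {
  const client = JSON.parse(a.clientDataJSON.toString('utf8'));
  if (client.type !== 'webauthn.get') return 'wrong type';
  if (client.challenge !== expectedChallenge.toString('base64url')) return 'challenge mismatch';
  if (client.origin !== ORIGIN) return 'origin mismatch';
  if (!a.authenticatorData.subarray(0, 32).equals(sha256(RP_ID))) return 'rpIdHash mismatch';
  if ((a.authenticatorData[32] & 0x01) === 0) return 'user not present';
  // The signature covers authenticatorData || SHA-256(clientDataJSON), so the
  // origin and challenge cannot be edited after the authenticator has signed.
  const signed = Buffer.concat([a.authenticatorData, sha256(a.clientDataJSON)]);
  return verify('sha256', signed, publicKey, a.signature) ? 'ok' : 'bad signature';
}

function demo() {
  const { publicKey, privateKey } = generateKeyPairSync('ec', { namedCurve: 'prime256v1' }); // P-256
  const challenge = randomBytes(32);
  const genuine = makeAssertion(privateKey, challenge, ORIGIN, RP_ID);
  // Same key, but the response was produced on a look-alike origin.
  const lookalike = makeAssertion(privateKey, challenge, 'https://online.examp1e-bank.test', RP_ID);
  return {
    genuine: verifyAssertion(genuine, publicKey, challenge),
    lookalike: verifyAssertion(lookalike, publicKey, challenge),
    // A captured response presented again fails against a fresh challenge.
    replay: verifyAssertion(genuine, publicKey, randomBytes(32)),
  };
}
console.log(demo());
```

Because the signed data includes the origin and a one-time challenge, a response collected anywhere other than the registered site, or reused later, does not verify.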

How does it work?


  • Banno Online login screen
  • enter username (1)
  • Continue (2)
  • Sign in with a passkey (3)

After an end user registers their passkey, the end user clicks Sign in with a passkey. Depending on the end user’s platform, web browser, and device biometric setting (face ID, PIN, etc.), the passkey manager prompts the end user to authenticate using their device’s biometrics to log in. Desktop end users whose devices may not have biometrics can also authenticate by using their nearby mobile device to scan a QR code that displays on the desktop.

Once a passkey is registered with Banno Online, end users can log in from their other devices that are synced to their passkey manager. End users will also see autofill prompts to use passkeys found in their passkey manager. For example, passkeys created on iOS or in Safari on macOS are stored in iCloud Keychain. Passkeys created in Chrome on Android are stored in the Google Password Manager.

If an end user clicks Sign in with a passkey but hasn’t registered a passkey, they are unable to log in and will see the error message “Passkey authentication failed. Try using your password instead.” To sign in with a passkey, the end user needs to first register a passkey.

Autofill username

Note: Autofill entries vary based on the information provided by the end user’s passkey manager.

End users who register a passkey will then have the option to use autofill at the username field prompt on the login page (1). For autofill to function, the end user needs to be logged in to their passkey ecosystem (Google, Apple, etc.); autofill functionality does not populate from the end user’s device or browser. This method streamlines the login experience by eliminating the need to enter a username, password, or complete 2FA.

Banno Online is designed to use the autofill functionality, but the passkey manager controls what displays in the autofill prompt.

Use a passkey on a different device

The Use a Passkey on a Different Device (2) entry that displays in the autofill prompt allows end users to authenticate and log in from a mobile device when using a desktop. Both devices must have Bluetooth enabled, and the mobile device needs to be placed within Bluetooth range of the desktop. Using a passkey on a different device is managed by the passkey provider and not by the Banno Digital Platform. FIDO Alliance offers more information on the user experience.

Register passkey

  • End user profile menu
  • Settings
  • Security
  • Passkey sign in
  • Register this device

Before an end user can successfully sign in with a passkey, they need to log in to Banno Online and enable the Register this device toggle in their profile’s Settings. After they enable the toggle, the end user follows the passkey provider’s prompts to complete passkey setup. When the device is successfully registered and the passkey created, the confirmation toast Passkey registered displays in the app. Passkey prompts and messaging will vary depending on the end user’s operating system, passkey provider, device, and web browser, because passkey prompts are controlled by the passkey provider and not by the Banno Digital Platform.

Adding a passkey requires that the end user complete high-risk authentication. Once a passkey has been added to Banno Online, the passkey can also be used to complete high-risk authentication in the app.

If the end user doesn’t successfully set up a passkey, an Error registering passkey toast message displays in the app. The end user needs to log out of Banno Online, sign back in, and attempt registering a passkey again.

Unregister and remove passkey

If end users want to remove their passkey, they need to unregister the passkey from Banno Online. To remove the passkey entry from the autofill prompt, it’s recommended that end users also remove it from their passkey manager.

Banno Online

  • End user profile menu
  • Settings
  • Security
  • Passkey sign in
  • Register this device

To unregister a passkey, the end user disables the Register this device toggle in their profile’s Settings. After they disable the toggle, the end user follows the passkey manager’s prompts. When the passkey is successfully unregistered, the confirmation toast Passkey removed displays in the app. Passkey prompts and messaging will vary depending on the end user’s operating system, passkey provider, device, and web browser, because passkey prompts are controlled by the passkey provider and not by the Banno Digital Platform.

Unregistering a passkey requires the end user to complete high-risk authentication in the app.

When the end user unregisters their passkey in Banno Online, they cannot log in with Sign in with a passkey or have the option to complete high-risk authentication with a passkey. If the passkey isn’t also removed from the end user’s passkey manager, the option to sign in with a passkey still displays in the autofill prompt but the end user is unable to log in using that option.

Passkey manager

When an end user removes a passkey in Banno Online, we recommend they also remove it from their passkey manager. The Banno Digital Platform manages registering a passkey with Banno Online, but we do not have control of passkeys stored in an end user’s passkey manager. If the end user doesn’t remove the passkey from their passkey manager, the option to sign in with a passkey continues to autofill but it will not work—the end user is unable to sign in using the entry. To remove a passkey from the passkey manager, institutions and end users should refer to the documentation provided by the end user’s passkey manager.

Update username in passkey manager

If an end user updates their username in Banno Apps, they also need to update the username in their passkey manager so that the autofill prompt reflects the correct username. To update the username in a passkey manager, institutions and end users can refer to the documentation provided by the end user’s passkey manager.

FAQ


Can passkeys be disabled?
No, passkeys are part of the Banno Online login experience and cannot be disabled.

An end user on a desktop wants to “Use a Passkey on a Different Device” to authenticate and has difficulty logging in to Banno Online.
Both devices must have Bluetooth enabled, and the different device needs to be placed within Bluetooth range of the desktop.

The end user has trouble registering their device and “Error registering passkey” toast message displays in the app.
The end user needs to log out of Banno Online, sign back in, and attempt registering a passkey again.

Can end users still log in using their password?
Yes, end users can still log in to Banno Online using their password and completing 2FA.

Does Banno store end user biometric information?
No, apps and websites, including the Banno Digital Platform, do not store the end user’s biometric information.

Where can institutions and end users get support for using passkeys?
Content provided by the FIDO Alliance and the FAQ in this Passkeys doc offer valuable information for learning about passkeys. Here are a few more resources:

Banno supports registering and unregistering a passkey on a device, and we enable autofill functionality for passkey managers. For all other passkey support, please refer to documentation provided by the end user’s passkey provider, as support by Apple and Google is ongoing.