Passkeys

When end users log in to Banno Apps, they can authenticate in two steps: entering a username and password, then completing a 2FA challenge. Both of these steps have their own security vulnerabilities that persist despite industry efforts to minimize them.

End users who log in to Banno Online using a passkey - by clicking Sign in with a passkey - are offered a safer and easier login experience that eliminates the need to enter a password and complete 2FA. Passkeys, a standard created by the FIDO Alliance and the World Wide Web Consortium, consist of a public and private key pair. The public key is registered with the app or website, and the private key is stored on the end user’s device in their chosen passkey manager.

Passkeys can be synchronized across end user devices in the same ecosystem. For example, passkeys created on iOS or in Safari on macOS are stored in iCloud Keychain. Passkeys created in Chrome on Android are stored in the Google Password Manager. Development of passkey support by both Apple and Google is ongoing.

The app or website that the end user logs in to - including the Banno Digital Platform - does not store the private keys of passkeys. For example, if an end user is logged in to their Google account on their iPhone, they can log in to Banno Online from their Android tablet and use their iPhone to authenticate their identity. Access to private keys within an ecosystem’s passkey manager is controlled by the device biometrics that the individual end user already uses to log in to their device (PIN, fingerprint, etc.). The Banno Digital Platform has no access to an end user’s biometric information.
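
The split described above, where the app or website holds only the public key and the private key stays in the passkey manager, can be sketched with Node's built-in `crypto` module. This is an added example, not Banno or FIDO Alliance code, and it is a simplified model rather than the WebAuthn API; the class names, the `https://bank.example` origins and the challenge format are assumptions made for illustration.

```javascript
// Added illustration: simplified passkey model (not the WebAuthn API, not Banno code).
const crypto = require("crypto");

// The app or website: stores only public keys and outstanding one-time challenges.
class RelyingParty {
  publicKeys = new Map(); // username -> public key (PEM)
  challenges = new Map(); // username -> challenge awaiting a signature
  constructor(origin) { this.origin = origin; }
  register(username, publicKeyPem) { this.publicKeys.set(username, publicKeyPem); }
  newChallenge(username) {
    const challenge = crypto.randomBytes(32).toString("base64");
    this.challenges.set(username, challenge);
    return challenge;
  }
  verifyLogin(username, signature) {
    const challenge = this.challenges.get(username);
    this.challenges.delete(username); // single use, so a replayed signature fails
    const publicKey = this.publicKeys.get(username);
    if (!challenge || !publicKey || !signature) return false;
    const signed = Buffer.from(JSON.stringify({ challenge, origin: this.origin }));
    return crypto.verify("sha256", signed, publicKey, Buffer.from(signature, "base64"));
  }
}

// The passkey manager on the user's device: private keys never leave this object.
class PasskeyManager {
  privateKeys = new Map(); // origin -> private key
  createPasskey(origin) {
    const { publicKey, privateKey } = crypto.generateKeyPairSync("ec", { namedCurve: "P-256" });
    this.privateKeys.set(origin, privateKey);
    return publicKey.export({ type: "spki", format: "pem" }); // only this is sent out
  }
  sign(origin, challenge) {
    const privateKey = this.privateKeys.get(origin);
    if (!privateKey) return null; // no passkey exists for this origin
    const data = Buffer.from(JSON.stringify({ challenge, origin }));
    return crypto.sign("sha256", data, privateKey).toString("base64");
  }
}

function runDemo() {
  const site = new RelyingParty("https://bank.example"); // constructed origin
  const device = new PasskeyManager();
  site.register("alice", device.createPasskey(site.origin));
  const signature = device.sign(site.origin, site.newChallenge("alice"));
  const firstLogin = site.verifyLogin("alice", signature);
  site.newChallenge("alice");
  const replay = site.verifyLogin("alice", signature); // old signature, new challenge
  const lookalike = device.sign("https://bank-example.test", site.newChallenge("alice"));
  return { firstLogin, replay, lookalike, stored: site.publicKeys.get("alice") };
}
```

`runDemo()` shows a valid login succeeding, a replayed signature being rejected, the passkey manager declining to sign for an origin it holds no passkey for, and the site's stored record containing only a public key.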