Passkeys
When end users log in to Banno Apps, they can authenticate with two steps by entering a username and password and completing a 2FA challenge. Both these steps have their own security vulnerabilities that persist despite industry efforts to minimize them.
End users who log in to Banno Online, Banno Mobile, or Treasury Management (with Unified Identity Service) using a passkey, by clicking Sign in with a passkey, are offered a safer and easier login experience that eliminates the need to enter a password and complete 2FA. Passkeys, a standard created by the FIDO Alliance and the World Wide Web Consortium, consist of a public and private key pair. The public key is registered with the app or website, and the private key is stored on the end user’s device in their chosen passkey manager.
Passkeys can be synchronized across end user devices in the same ecosystem. For example, passkeys created on iOS or in Safari on macOS are stored in iCloud Keychain. Passkeys created in Chrome on Android are stored in the Google Password Manager. Development of passkey support by both Apple and Google is ongoing.
The app or website that the end user logs in to - including the Banno Digital Platform - does not store private passkeys. For example, if an end user is logged in to their Google account on their iPhone, they can log in to Banno Online from their Android tablet and use their iPhone to authenticate their identity. Access to private passkeys within an ecosystem’s passkey manager is controlled by the individual end user’s device biometrics that they already use to log in to their device (PIN, fingerprint, etc.). The Banno Digital Platform has no access to an end user’s biometric information.
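The split described above, where the server holds only the public key and the device keeps the private key, can be modeled as a signed challenge. The following is an added example, not Banno or Treasury Management code, and it is a simplified model rather than the WebAuthn message format. It goes slightly beyond the text by binding the signature to the site origin, which is how passkeys resist phishing. The origins, username, and function names are assumptions made for illustration.

```javascript
// Added illustration: simplified passkey-style challenge-response (not the WebAuthn wire format).
const crypto = require('node:crypto');

// Device side: the private key is generated and kept by the passkey manager.
function createPasskey() {
  const { publicKey, privateKey } = crypto.generateKeyPairSync('ec', { namedCurve: 'P-256' });
  return {
    // Only this PEM-encoded public key is sent to the server at registration.
    publicKeyPem: publicKey.export({ type: 'spki', format: 'pem' }),
    // Signs the server challenge together with the origin the browser reports.
    sign: (challenge, origin) =>
      crypto.sign('sha256', Buffer.concat([challenge, Buffer.from(origin)]), privateKey),
  };
}

// Server side: stores public keys only and issues single-use challenges.
class RelyingParty {
  constructor(origin) {
    this.origin = origin;
    this.publicKeys = new Map(); // username -> public key PEM
    this.pending = new Map();    // username -> outstanding challenge
  }
  register(username, publicKeyPem) { this.publicKeys.set(username, publicKeyPem); }
  newChallenge(username) {
    const challenge = crypto.randomBytes(32);
    this.pending.set(username, challenge);
    return challenge;
  }
  verify(username, signature) {
    const challenge = this.pending.get(username);
    const pem = this.publicKeys.get(username);
    this.pending.delete(username); // a challenge is valid for one attempt only
    if (!challenge || !pem) return false;
    const signed = Buffer.concat([challenge, Buffer.from(this.origin)]);
    return crypto.verify('sha256', signed, pem, signature);
  }
}

// Constructed walk-through with a hypothetical origin and username.
function demo() {
  const rp = new RelyingParty('https://bank.example');
  const passkey = createPasskey();
  rp.register('alice', passkey.publicKeyPem);
  const good = passkey.sign(rp.newChallenge('alice'), 'https://bank.example');
  const ok = rp.verify('alice', good);
  const replayed = rp.verify('alice', good); // challenge already consumed
  const wrongSite = passkey.sign(rp.newChallenge('alice'), 'https://bank-login.example');
  return { ok, replayed, phished: rp.verify('alice', wrongSite) };
}
```

A database leak on the server side exposes only public keys, which cannot be used to sign a challenge.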
Adding a passkey
Banno and Treasury Management end users have a few options for adding new passkeys. They can use their device’s built-in biometrics, use passkeys stored on other devices they own, or set up a physical security key that has a fingerprint scanner or PIN. From Banno Online, Banno Mobile, or Treasury Management, end users can navigate to their profile, go to the Security section, and select Add passkey. After that, they will be prompted to enter a 2FA code or use an existing passkey before they can add a new passkey.
Built-in biometrics
This option allows end users to use their device’s built-in biometrics to authenticate into Banno Online, Banno Mobile, or Treasury Management. This gives the end user the convenience of not needing to enter their password and 2FA code when logging in and also reduces the risk of phishing fraud attempts since biometric data isn’t easily transferable or duplicated.
Mobile phone or tablet
This option allows end users to use passkeys on other devices to authenticate into Banno Online, Banno Mobile, or Treasury Management. For example, if an end user doesn’t have an online device compatible with built-in biometrics or they would prefer to use a passkey stored on another device, they can scan a QR code with their device and use that device’s stored passkey for Banno or Treasury Management to log in. As always, the private key within the passkey is inaccessible to Banno and Treasury Management and provides an additional layer of security for your end users.
Security keys
This option allows end users to authenticate themselves via physical security keys. When an end user logs in to Banno or Treasury Management, they insert their registered security key into their device and provide their PIN or fingerprint on the security key. Upon successful authentication, they can access Banno Online, Banno Mobile, and Treasury Management. Please note, Banno and Treasury Management will never be able to access or see an end user’s PIN or biometric details.