Device management

End users with a stolen or lost device can log on from a different device and deauthorize the offending device. For mobile clients, this wipes all the user data the next time the device contacts a Banno server. For web clients, this requires a full 2FA login even if the user selected Remember this computer.

Devices that have been used to access Banno Online appear in the Devices section of the Security screen. End users can have their devices deauthorized for Banno Online use in two ways: They can perform self-service action, or someone from your institution can deauthorize the device for them from Banno People. If end users lose a device or if someone steals their credentials, they can deauthorize the compromised device from a separate, authorized device within the Security option on the Settings menu.

Every time a user signs in to Banno Mobile and Banno Online, information about the device they’re using is passed along. Users can see the computers, phones, and other devices that are currently using or have recently accessed Banno. This can be used to make sure than no one else has signed in to an account.

Managing devices

  • Settings
  • Security
  • Recently used devices

Users can review the list of devices that have been used to access their accounts by signing in and navigating to Recently used devices.

Devices that are phones and tablets are listed by the brand name, version of the operating system, and the version of the app installed on that device.

Browsers that have been used to access a user’s accounts are shown by the brand name and version of the browser along with the operating system name and version.

Devices may have additional designations displayed on the devices list:

Anchor device
The designated device is an anchor device according to our identification system.
Restricted
The designated device was previously deleted and is ineligible to become an anchor device or to automatically unblock via the waitlist functionality.

Removing devices

If a user no longer has access to a device that was previously used, they can remove that device’s access. This will invalidate the token on that device. On mobile phones and tablets this will force a signout and a deletion of locally stored data. In browsers, the existing session will be terminated.

If a Banno Online user has opted out of a two-factor authentication prompt on every subsequent sign in using the same browser, removing that device will result in the user being prompted to complete the two-factor authentication challenge should they use that browser again in the future.

Due to the ever-increasing threat of account takeover, device removal was made a high-risk action in June of 2024. This is primarily to help prevent fraudsters from removing the devices of legitimate users after gaining access to their credentials. Banno Online began enforcing this in early June, and Banno Mobile started enforcing it in version 3.14.

Unblocking devices

Depending on your financial institution’s settings, new devices may be blocked from performing high-risk actions. This is an automatic process, and can be unblocked in several ways based on your settings.

Your financial instutiton can unblock devices on behalf of an end user by navigating to their device list, navigating to the blocked device, and selecting Allow device. This selection immediately saves the new setting and allows the device to perform high-risk actions with proper authentication.

Your financial institution may also allow end users to unblock new devices via one of their anchor devices. This functionality can be found in the Settings section of their digital banking app.

Anchor devices

Anchor devices are regularly used devices that have additional privileges for the given end user. Most notably, when a new device is blocked from performing a high-risk action, anchor devices allow your end users to unblock that device and allow it to complete those actions.

Anchor devices are automatically identified, including both the end user’s first device and devices that are used consistently over time. Devices that have been deauthorized by the user will not be selected as anchor devices, and the logic for identifying anchor devices is consistently updated to maximize the security of this functionality.