Saved (maybe saved) user names

Last year I started to get user name popups on my bank URLS. I have these URLS listed under “Never Save.” But user name options still show up. Some of them are correct. I think this is a security risk. A hacker can start with the listed user names, then go from there. Is there anyway to stop them from popping up?