This is a blog post on a meetup by the local OWASP chapter in Wellington.

Local OWASP Talk Recap

Introduction

Last night, I had the opportunity to attend a local OWASP (Open Web Application Security Project) talk. The event featured a cybersecurity talk about an idea for a Credential Management API, a.k.a. zero-click login systems.

In this blog post, I’ll share some key insights from the event and highlight my takeaways from the engaging sessions.

The keynote was delivered by [Matt Cotterell].

Key Points from the Talk

  • [History of Logins]: This was just a history of all the login systems we’ve used from the beginning of the web. I don’t really want to go over this in depth. (I don’t remember it very well anymore.)
  • [A one-click login system]: A one-click login system, using password managers through the browser.

Live Demonstration

One of the most captivating parts of the talk was the live demonstration of [a theoretical one-click/zero-click login]. The speaker showcased a secure way in which a web app could communicate with a website to log the user in using a password manager. I could be wrong, but what I understood was that the idea is that you first send a simple Login message to the server. It then communicates with the password manager to see if there is a login for the page, gets the user and password, and you are logged in. This means that all the website will do is prompt the password manager on login, without having to fill out any fields. This will be very useful, as often you need to fill out these fields every time you go to a different app or need to swap accounts on an app or something. It was put in more depth in the talk, but this was a while ago so I don’t remember it very well anymore.
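The flow described above, written as an added example against the browser Credential Management API (this is not code from the talk or from the speaker): the page asks the browser, and through it the password manager, for a stored password for this origin with silent mediation, posts it to the server, and falls back to the normal form when nothing comes back. `navigator.credentials` and `window.fetch` are passed in as parameters so the flow can be exercised outside a browser; the `/api/login` endpoint and its JSON body are assumptions for this example.

```javascript
// Added example: zero-click login over the Credential Management API.
// `credentials` is navigator.credentials in a real page; `fetchFn` is fetch.
const LOGIN_URL = "/api/login"; // assumed endpoint, not from the talk

// Ask the browser/password manager for a stored password credential for
// this origin. mediation "silent" shows no UI and resolves to null unless
// the user previously opted into auto sign-in on this site.
async function getStoredCredential(credentials, mediation = "silent") {
  if (!credentials || typeof credentials.get !== "function") return null;
  const cred = await credentials.get({ password: true, mediation });
  // Only a PasswordCredential is usable here; federated/public-key differ.
  if (!cred || cred.type !== "password") return null;
  return cred;
}

// Hand the credential to the server. The server still does the real
// password check; the API only replaces typing into the form fields, and
// the browser only releases credentials saved for this same origin.
async function submitCredential(fetchFn, cred) {
  const res = await fetchFn(LOGIN_URL, {
    method: "POST",
    headers: { "Content-Type": "application/json" },
    credentials: "same-origin",
    body: JSON.stringify({ username: cred.id, password: cred.password }),
  });
  return res.ok;
}

// Full flow: silent attempt first; "form" tells the caller to render the
// usual login fields instead.
async function zeroClickLogin(credentials, fetchFn) {
  const cred = await getStoredCredential(credentials, "silent");
  if (!cred) return { status: "form" };
  const ok = await submitCredential(fetchFn, cred);
  if (!ok) return { status: "form" };
  // Remember the credential so later silent attempts keep working.
  if (typeof credentials.store === "function") await credentials.store(cred);
  return { status: "signed-in", user: cred.id };
}

// On logout, make the next visit require a click rather than a silent
// re-login, which also stops account switching from bouncing back.
async function logout(credentials) {
  if (credentials && typeof credentials.preventSilentAccess === "function") {
    await credentials.preventSilentAccess();
  }
}
```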

Final thoughts

I know this will take ages to become standard, but compared to the current system of password and two-factor, I think it’s highly efficient and secure enough to work. This can also be done with keys, which have started to be used for two-factor, although this wouldn’t be able to replace the user bit of the login, so I’m not sure.


Enjoy your day!

I did not have time to write it up properly, so the template for the blog was generated by a chatbot and I refactored it a lot.