Q&A: Yubico Software Engineer Emil Lundberg on the past, present and future of WebAuthn

With the proliferation of distributed work globally and as cybercriminals become more sophisticated by the day – it’s clear that traditional passwords and legacy MFA simply aren’t strong enough. Enter WebAuthn, an API that makes it easy for web services to integrate strong authentication into applications using support built in to all leading browsers and platforms.

A few key facts to know about WebAuthn: 

  • The story started in 2013, when Yubico and Google co-created the U2F standard and contributed it to the FIDO alliance. U2F was succeeded in 2019 by WebAuthn, developed under the umbrella of the World Wide Web Consortium (W3C) with Yubico, Microsoft, and Google as leading contributors. WebAuthn continues to be developed further by these and other industry partners.
  • It offers significant security gains over traditional time-based one-time password (TOTP) or SMS-based two-factor authentication (2FA) – thanks to its secure design based on public key cryptography and strict domain binding. Widespread implementation, which can help curb account takeovers from phishing and other modern cyberthreats, will not be achievable until trust is established with everyday users. 

By understanding WebAuthn and how it functions, we are able to further the adoption of passwordless. Emil Lundberg, software engineer and WebAuthn editor at Yubico, recently joined the Swedish IT security podcast Säkerhetssnack to share more about this. During the podcast, Emil talks about the past, present, and future of WebAuthn and its unique ability to make organizations phishing resistant. Check out the video below to listen to the questions and topics discussed. Some of the highlights from the discussion include:

  • An overview of WebAuthn – what it is and who created it
  • How simple and seamless the WebAuthn process is for end users
  • What happens under the hood when websites authenticate users
  • How the devices your team uses every day are built to work with WebAuthn — and how YubiKeys create the same strong protection across multiple devices 

For more information on WebAuthn implementation and best practices, check out our blog here.

Talk to our teamTalk to our team

Share this article:


  • Piloting Europe’s future ID: Passkeys securing digital walletsOver the last several years, passkeys have become ubiquitous. They are available on every mobile platform, in every leading browser, as part of all major enterprise IAM solutions, and in most major cloud services. Until wwWallet came along, the only place where passkeys hadn’t yet made an impact is in the rapidly developing world of […]Read moredigital identity walletspasskeysSIROSwwWallet
  • We’re excited for what’s to come – meet us in-person to find out whyIt’s been a busy year for our team, filled with exciting company and product updates aimed at better serving our customers and helping them achieve cyber resilience as AI-driven phishing threats continue evolving globally. Between industry award recognitions and key new executive leadership hires to lead Yubico to its next stage of growth and a […]Read more
  • FIPS certified vs. FIPS compliant: What’s the real difference?“Is your MFA solution FIPS compliant, or is it certified?”  This is a question we hear a lot, and for good reason. In industries where security and compliance are critical (especially in government contracts), understanding the difference between FIPS certified and FIPS compliant isn’t just semantics – it can mean the difference between meeting requirements […]Read moreFIPSNIST
  • 2025 Global State of Authentication survey: A world of difference in cybersecurity habitsIn a world that’s more connected than ever, the landscape of cybersecurity threats is constantly evolving. Bad actors, now supercharged with artificial intelligence (AI), are becoming increasingly adept at exploiting human error through sophisticated phishing and social engineering attacks. This makes robust cybersecurity a universal issue, impacting everyone from individuals to the largest global enterprises. […]Read moreGlobal State of Authenticationsurvey