Q&A: Yubico Software Engineer Emil Lundberg on the past, present and future of WebAuthn

Ryan Schin

Ryan Schin

2 minute read

With the proliferation of distributed work globally and as cybercriminals become more sophisticated by the day – it’s clear that traditional passwords and legacy MFA simply aren’t strong enough. Enter WebAuthn, an API that makes it easy for web services to integrate strong authentication into applications using support built in to all leading browsers and platforms.

A few key facts to know about WebAuthn: 

  • The story started in 2013, when Yubico and Google co-created the U2F standard and contributed it to the FIDO alliance. U2F was succeeded in 2019 by WebAuthn, developed under the umbrella of the World Wide Web Consortium (W3C) with Yubico, Microsoft, and Google as leading contributors. WebAuthn continues to be developed further by these and other industry partners.
  • It offers significant security gains over traditional time-based one-time password (TOTP) or SMS-based two-factor authentication (2FA) – thanks to its secure design based on public key cryptography and strict domain binding. Widespread implementation, which can help curb account takeovers from phishing and other modern cyberthreats, will not be achievable until trust is established with everyday users. 

By understanding WebAuthn and how it functions, we are able to further the adoption of passwordless. Emil Lundberg, software engineer and WebAuthn editor at Yubico, recently joined the Swedish IT security podcast Säkerhetssnack to share more about this. During the podcast, Emil talks about the past, present, and future of WebAuthn and its unique ability to make organizations phishing resistant. Check out the video below to listen to the questions and topics discussed. Some of the highlights from the discussion include:

  • An overview of WebAuthn – what it is and who created it
  • How simple and seamless the WebAuthn process is for end users
  • What happens under the hood when websites authenticate users
  • How the devices your team uses every day are built to work with WebAuthn — and how YubiKeys create the same strong protection across multiple devices 

For more information on WebAuthn implementation and best practices, check out our blog here.

, , , ,
Talk to our teamTalk to our team

Share this article:
  • FIPS certified vs. FIPS compliant: What’s the real difference?“Is your MFA solution FIPS compliant, or is it certified?”  This is a question we hear a lot, and for good reason. In industries where security and compliance are critical (especially in government contracts), understanding the difference between FIPS certified and FIPS compliant isn’t just semantics – it can mean the difference between meeting requirements […]Read moreFIPSNIST
  • 2025 Global State of Authentication survey: A world of difference in cybersecurity habitsIn a world that’s more connected than ever, the landscape of cybersecurity threats is constantly evolving. Bad actors, now supercharged with artificial intelligence (AI), are becoming increasingly adept at exploiting human error through sophisticated phishing and social engineering attacks. This makes robust cybersecurity a universal issue, impacting everyone from individuals to the largest global enterprises. […]Read moreGlobal State of Authenticationsurvey
  • Making digital security a right: Inside Yubico’s Secure it Forward programTechnology can be a great equalizer — but only if the strongest protection is within reach. Since 2022, Yubico has donated more than 65,000 YubiKeys to hundreds of organizations worldwide — a retail value of over $3.3 million. Each key helps strengthen digital protection for those doing vital work in their communities. This isn’t just […]Read more
  • Unlocking trust in enterprise security: Yubico and Okta empowering businesses togetherCollaboration with ecosystem partners is critical for providing our customers with the best cybersecurity solutions. Together, Yubico and Okta have achieved remarkable milestones over the years, including launching innovative solutions and aligning our go-to-market efforts – all aimed at delivering the most impactful cybersecurity solutions and user experience for our customers and partners. At the heart […]Read moreOktaOktane