Q&A: Yubico Software Engineer Emil Lundberg on the past, present and future of WebAuthn

With the proliferation of distributed work globally and as cybercriminals become more sophisticated by the day – it’s clear that traditional passwords and legacy MFA simply aren’t strong enough. Enter WebAuthn, an API that makes it easy for web services to integrate strong authentication into applications using support built in to all leading browsers and platforms.

A few key facts to know about WebAuthn: 

  • The story started in 2013, when Yubico and Google co-created the U2F standard and contributed it to the FIDO alliance. U2F was succeeded in 2019 by WebAuthn, developed under the umbrella of the World Wide Web Consortium (W3C) with Yubico, Microsoft, and Google as leading contributors. WebAuthn continues to be developed further by these and other industry partners.
  • It offers significant security gains over traditional time-based one-time password (TOTP) or SMS-based two-factor authentication (2FA) – thanks to its secure design based on public key cryptography and strict domain binding. Widespread implementation, which can help curb account takeovers from phishing and other modern cyberthreats, will not be achievable until trust is established with everyday users. 

By understanding WebAuthn and how it functions, we are able to further the adoption of passwordless. Emil Lundberg, software engineer and WebAuthn editor at Yubico, recently joined the Swedish IT security podcast Säkerhetssnack to share more about this. During the podcast, Emil talks about the past, present, and future of WebAuthn and its unique ability to make organizations phishing resistant. Check out the video below to listen to the questions and topics discussed. Some of the highlights from the discussion include:

  • An overview of WebAuthn – what it is and who created it
  • How simple and seamless the WebAuthn process is for end users
  • What happens under the hood when websites authenticate users
  • How the devices your team uses every day are built to work with WebAuthn — and how YubiKeys create the same strong protection across multiple devices 

For more information on WebAuthn implementation and best practices, check out our blog here.

Talk to our teamTalk to our team

Share this article:


  • Q&A with Yubico’s CEO: Our move to the main Nasdaq market in StockholmAs 2024 draws to a close, it’s the perfect time to reflect on the incredible journey we’ve had this year and how it has shaped where we stand today as a company. To mark this moment, I sat down with our CEO, Mattias Danielsson, to look back on the milestones and achievements of 2024—culminating in […]Read moreCEOMattias Danielsson
  • Exploring DORA: A look at the next major EU mandateFinancial institutions have historically managed operational risk using capital allocation, but under EU Regulation 2022/2554 – also known as the Digital Operational Resilience Act (DORA) – the financial sector and associated entities in the European Economic Area (EEA) must also soon follow new rules. These new rules focus on the protection, detection, containment, and the […]Read moreDORAEU
  • Securing critical infrastructure from modern cyber threats with phishing-resistant authenticationAcross the globe, 2024 has seen a whirlwind of change. With ongoing wars, recent political change-ups and more, growth in data breaches targeting critical infrastructure continue to be on the rise. Critical infrastructure is integral to our everyday life – from the energy and natural resources powering our hospitals and providing clean drinking water, telco […]Read moreCISAcritical infrastructurezero trust
  • surface blog crownMicrosofts Surface Pro 10 möjliggör NFC-baserad lösenordsfri inloggning med YubiKeys, för företagDra fördel av det långvariga samarbetet mellan Microsoft och Yubico genom att distribuera YubiKeys tillsammans med den nya Surface Pro 10 enheten för ditt företag. Read morenfcpasswordless