Q&A: Yubico Software Engineer Emil Lundberg on the past, present and future of WebAuthn

Ryan Schin

Ryan Schin

2 minute read

With the proliferation of distributed work globally and as cybercriminals become more sophisticated by the day – it’s clear that traditional passwords and legacy MFA simply aren’t strong enough. Enter WebAuthn, an API that makes it easy for web services to integrate strong authentication into applications using support built in to all leading browsers and platforms.

A few key facts to know about WebAuthn: 

  • The story started in 2013, when Yubico and Google co-created the U2F standard and contributed it to the FIDO alliance. U2F was succeeded in 2019 by WebAuthn, developed under the umbrella of the World Wide Web Consortium (W3C) with Yubico, Microsoft, and Google as leading contributors. WebAuthn continues to be developed further by these and other industry partners.
  • It offers significant security gains over traditional time-based one-time password (TOTP) or SMS-based two-factor authentication (2FA) – thanks to its secure design based on public key cryptography and strict domain binding. Widespread implementation, which can help curb account takeovers from phishing and other modern cyberthreats, will not be achievable until trust is established with everyday users. 

By understanding WebAuthn and how it functions, we are able to further the adoption of passwordless. Emil Lundberg, software engineer and WebAuthn editor at Yubico, recently joined the Swedish IT security podcast Säkerhetssnack to share more about this. During the podcast, Emil talks about the past, present, and future of WebAuthn and its unique ability to make organizations phishing resistant. Check out the video below to listen to the questions and topics discussed. Some of the highlights from the discussion include:

  • An overview of WebAuthn – what it is and who created it
  • How simple and seamless the WebAuthn process is for end users
  • What happens under the hood when websites authenticate users
  • How the devices your team uses every day are built to work with WebAuthn — and how YubiKeys create the same strong protection across multiple devices 

For more information on WebAuthn implementation and best practices, check out our blog here.

, , , ,
Talk to our teamTalk to our team

Share this article:
  • Breaking down Australia’s plan to combat AI-driven phishing scamsAcross Australia, cybercrime continues to be a major challenge impacting businesses, critical infrastructure and consumers alike. The use of AI by bad actors across the spectrum of cybercrime is on the rise, and as a result, credential phishing scams are becoming increasingly sophisticated. AI is effectively helping to lower the cost of phishing and increase […]Read moreAIAPACAustraliaphishing
  • 5 fast cybersecurity tips to clean up your digital lifeWith today being Identity Management Day, now is the perfect time to take stock of your online presence, update security settings, and ensure that your personal data remains protected from cyber threats like phishing. We’re also seeing increasing concerns of DeepSeek and other AI tools around data privacy making these kinds of attacks more successful […]Read morebest practices
  • Navigating the PCI DSS 4.0 transition and meeting compliance with phishing-resistant YubiKeysIn just a few days, on March 31, 2025, decision makers in industries that involve payment processing – including financial services, retail & hospitality and telecommunications – are tasked to finalize the transition to Payment Card Industry Data Security Standard (PCI DSS) 4.0. This deadline marks a critical juncture for all organizations handling payment card […]Read moreNISTPCI DSSPCI DSS 4.0
  • Building cyber resilience with Yubico and MicrosoftIn today’s digital landscape, cyber threats are evolving at an unprecedented pace: every second, a phishing attack takes place. In fact, over 80% of these attacks are the result of stolen login credentials and almost 70% of phishing attacks relied on AI last year alone. Recent data from Microsoft Entra also reveals a staggering increase […]Read moreMFA mandatesMicrosoft