The YubiKey as the WebAuthn Root of Trust

The new web authentication standard, WebAuthn, that was recently announced by W3C, is rapidly gaining adoption by leading platforms and services. WebAuthn is an evolution of the FIDO U2F standard, spearheaded by Yubico and Google, and successfully deployed since 2014 by millions of users with YubiKey security keys. Yubico helped to create WebAuthn to extend the standard beyond external security keys to include new internal built-in fingerprint readers and facial recognition technologies. Having these choices is important to drive widespread support for simple, strong and passwordless authentication methods.

In this new authentication landscape, an external security key, such as the YubiKey, takes on the important role of a root of trust. As users move between different platforms and computing devices, having this portable root of trust is essential for enabling rapid bootstrapping on new devices and for recovering when devices are lost, stolen or replaced.

Below is a roundup of some of the best use cases for an external hardware-based authenticator:

  • Device Loss, Theft, or Compromise —In the case that a phone or computer is lost, stolen or replaced, the YubiKey can be used as an easy method to re-establish trust with online accounts and re-register the internal authenticator on a new device. With an external root of trust like the YubiKey, where the user’s credential cannot be tampered with, it allows a high degree of trust to be transferred from device to device and establish all of them as a trusted entity, thereby protecting the account.
  • Multi-Device Access — In today’s digital age, users rarely work from a single device or platform. It’s common to move from a mobile device to desktop, laptop, or tablet, and even between personal and work devices. Having a portable external authenticator that can work across computing devices makes these transitions seamless. With options to connect via NFC, USB-A, USB-C, and soon Lightning, the YubiKey meets the needs of every internet user.
  • Mobile-Restricted Environments — Not all work environments allow employees or contractors to have a mobile phone. Call centers, manufacturing floors, and remote locations are some of the environments where a hardware authenticator is a preferred solution.
  • High Security Applications — Without ties to the internet or a multi-purpose chip or computing device, the attack vector naturally becomes much smaller on an external hardware authenticator. There are certain scenarios where services may choose to require step-up authentication to complete a high-risk action, such as transferring a large sum of money between bank accounts, or updating an address. The YubiKey can be used as an additional form of validation and quickly re-verify the user before the action is taken.
  • Uninterrupted Access – We designed the YubiKey to provide optimal levels of durability. It is crush and water resistant and does not require batteries, so it eliminates the chance of the device being uncharged.
  • Integration with Legacy Systems — Most enterprises use a variety of systems, platforms, and devices, and not all of these support newer authentication standards such as FIDO and WebAuthn. Also, for use cases that require a corporate credential for computer login and remote access, digital signatures for code signing, key escrow for email encryption, or privilege access for older operating environments, the YubiKey’s multi-protocol functionality helps address a wider range of enterprise security needs.
  • Authentication Backup — Regardless of how users secure their accounts, it is always a best practice to have a backup method in case the primary method of authentication is lost, stolen, broken, or inaccessible. The YubiKey is an affordable, simple option that users can carry on their keychain, tuck into a wallet, or store in a safe place for convenient access at any time.

With a growing list of strong authentication options supported by WebAuthn, and the ability to solve use cases across device type, operating system and service, now is the time for companies to add WebAuthn to their services. Developers can take advantage of Yubico’s developer resources to extend user authentication options. To try out the WebAuthn authentication experience please visit the Yubico WebAuthn demo site.

There are more than 3 billion people in the world connected to the internet who need — and deserve — a better more secure experience. Let’s work together toward making the internet a safer place for everyone!

Talk to our teamTalk to our team

Share this article:


  • Digital security’s unique role in protecting our environmentAs sustainability expands to include social, economic, and technological challenges, cybersecurity has emerged as a top global threat – with cybercrime projected to cost $12 trillion this year. Stolen credentials and phishing account for 80% of breaches. At Yubico, making the world more secure is just part of how we care for the world around […]Read moreCSREarth DaySecure It ForwardSustainability
  • Breaking down Australia’s plan to combat AI-driven phishing scamsAcross Australia, cybercrime continues to be a major challenge impacting businesses, critical infrastructure and consumers alike. The use of AI by bad actors across the spectrum of cybercrime is on the rise, and as a result, credential phishing scams are becoming increasingly sophisticated. AI is effectively helping to lower the cost of phishing and increase […]Read moreAIAPACAustraliaphishing
  • 5 fast cybersecurity tips to clean up your digital lifeWith today being Identity Management Day, now is the perfect time to take stock of your online presence, update security settings, and ensure that your personal data remains protected from cyber threats like phishing. We’re also seeing increasing concerns of DeepSeek and other AI tools around data privacy making these kinds of attacks more successful […]Read morebest practices
  • surface blog crownMicrosofts Surface Pro 10 möjliggör NFC-baserad lösenordsfri inloggning med YubiKeys, för företagDra fördel av det långvariga samarbetet mellan Microsoft och Yubico genom att distribuera YubiKeys tillsammans med den nya Surface Pro 10 enheten för ditt företag. Read morenfcpasswordless