A Big Day for the Internet: W3C Standardizes WebAuthn

Today’s standardization of WebAuthn by the World Wide Web Consortium (W3C) marks a milestone in the history of open authentication standards and internet security, and Yubico is excited to be a part of it. Through close collaboration with the global internet standards community and the internet giants, Google and Microsoft, we achieved the near-impossible: the creation of a global standard for web authentication that is on track to be supported by all platforms and browsers.

With much of our personal and business lives now online, the need for stronger security has never been more important to protect our digital identities. With WebAuthn, we are addressing the problem behind the vast majority of security breaches — account takeovers due to stolen online credentials.

We have invested considerable time from our engineering staff in the development of this new standard. Including being one of nine Specification Editors, being one of two co-chairs for the W3C WebAuthn group, and having six working group members. When I asked one of our engineers from this group how he liked his job, he responded, “It’s one of the most interesting and scary projects I’ve ever had. We are writing code that will impact the internet security of billions of people, so we feel the responsibility to get this right!”

From start to finish, the WebAuthn spec development has been more than a three-year process, but for Yubico, this is a culmination of more than a decade of innovation and seven years of standards work. Starting first with FIDO U2F, then FIDO2 and now WebAuthn, these standards are a natural evolution built upon each other to bring together new important security capabilities for the modern web:

Driverless, one-touch authentication with a single authenticator that can be used across any number of services with no shared secrets.

Public key cryptography to defend against phishing and man-in-the-middle attacks at scale.

Single-factor, multi-factor and passwordless authentication for web and mobile applications.

WebAuthn recognizes the importance of security keys as well as platform authenticators, such as built-in biometric sensors, by embracing broad support for a choice of authentication devices and modalities. Yubico supports this approach because it fosters widespread adoption of stronger authentication. We contributed to this standard to help as many people as possible stay safe online. Moving forward, the YubiKey will be valued as a high-privacy, high-security authentication choice. In addition, it will take on the important role of the Root of Trust, enabling seamless bootstrapping to new devices and rapid recovery from lost and stolen devices when built-in authenticators are not enabled or no longer accessible.

Microsoft Edge, Mozilla Firefox, Google Chrome and Google Android have already added support for WebAuthn. And Apple Safari is actively testing the API. Additionally, Microsoft Accounts and Dropbox have WebAuthn support. Many more online services will soon follow.

Since FIDO U2F was first launched in Gmail in 2014, Yubico has provided free open source code, and guided the vast majority of online services integrating the standard. We continue this work with WebAuthn. Developers and online services can rapidly add support, including “upgrading” from an existing U2F deployment. By signing up to join the Yubico Developer Program to be informed on the latest reference documentation, testing tools and open source servers.

Individuals and companies who want easy, secure access to their daily online accounts — including those in financial, healthcare, and government services — can accelerate adoption by requesting support for YubiKey and WebAuthn. WebAuthn works with all existing U2F and FIDO2 YubiKeys.

WebAuthn standardization is the foundation for the first-ever web authentication standard designed with scalable public key cryptography and phishing protections. Now we can all help to make the internet safer for everyone.

Talk to our teamTalk to our team

Share this article:


  • Works with YubiKey Spotlight: Expanded partnerships redefining phishing-resistance in 20252024 was an exciting year for Yubico and our partners. Together, we achieved remarkable milestones, launching innovative solutions and forging stronger partnerships – all aimed at delivering the most impactful cybersecurity solutions and user experience for our customers and partners. At the heart of these efforts lies a shared commitment to phishing-resistance.  From registration to […]Read moreWorks with YubiKeywwyk
  • Cybersecurity in 2025 – part two: Insights and predictions from Yubico’s expertsIn part one of our 2025 cybersecurity predictions, we highlighted insights from our experts on the topic of passkeys, digital identity wallets and the threats of AI-driven phishing – areas that saw a lot of focus in 2024, and ones that we expect to continue being a major focus this year. If you missed our […]Read morecritical infrastructurefederal governmentfinancial servicespredictions
  • Cybersecurity in 2025: Insights and predictions from Yubico’s expertsWith 2024 behind us, we saw another challenging year in the world of cybersecurity – highlighted by new and evolving threats like Artificial Intelligence (AI)-driven phishing and increasingly sophisticated cyber attacks overall. Yubico’s September Global State of Authentication Survey confirmed the challenges, even underscoring the potential risks of these new threats. The report emphasized the […]Read moreAIdigital identity walletspasskeyspredictions
  • State of Global Authentic(age)ion: A look at cybersecurity habits by generationsNo generations were left untouched when it came to the threat of hackers in 2024: from the impact of political shakeups, to increasingly sophisticated cyber attacks targeting consumers, critical industries and infrastructures, the world was on high alert. Fueled by a dramatic increase in phishing attacks circumventing certain forms of legacy multi-factor authentication (MFA), as […]Read moreState of Global Authenticationsurvey