WebAuthn sees rapid growth and adoption: Visit us at Identiverse to see WebAuthn in action

June 25, 2019 4 minute read

The new web authentication standard, known as WebAuthn, was recently approved by the World Wide Web Consortium (W3C) in March, and is rapidly gaining momentum. Since 2007, Yubico has been driving the development of open standards, and collaborating with partners to bring more secure authentication methods to users.  Through these combined efforts, we co-created WebAuthn.

What makes WebAuthn so noteworthy is that it is supported by all major platforms and browsers, providing users with greater choice of simple authentication methods that protect against phishing attacks. With WebAuthn, users can choose to use any combination of external authenticators, such as a security key, and internal authenticators, such as a biometric keypad on a computer, to secure access to web services and applications. That’s huge.

Microsoft, Google, and Mozilla already support WebAuthn in their web platforms and browsers. Support is currently on the developer preview version of Apple Safari. Upcoming support on Brave browser has been announced by Brave Software. Along with the platform and browser support, a growing number of web services have also rolled out WebAuthn support to their users, including Login.gov, Singular Key, Daon, Isosec, Twitter, and Ping Identity, with more services committed to launching support in the near future.

WebAuthn is quickly gaining momentum, so we asked some of our Works with YubiKey partners to share why they decided to implement support. Here’s what they said:

Jasper Patterson, Web Developer, 1Password

“Our goal at 1Password is to make it easy for people to stay safe online, and adopting modern standards like WebAuthn helps us achieve that. Integrating WebAuthn into our existing two-factor implementation took about a week. The API is well designed and easy to work with for developers.”

WebAuthn offers significant security gains over traditional time-based one-time password (TOTP) or SMS-based two-factor authentication (2FA), all thanks to its secure design based on public key cryptography.

Yves Audebert, CEO, Axiad IDS

“Extending Axiad ID Cloud to support WebAuthn/FIDO2 is a step forward in providing a passwordless and frictionless authentication experience to our customers. Axiad ID Cloud leverages all the features offered by YubiKeys to further our commitment to meeting our customers’ authentication needs.”

Axiad ID Cloud is a standards-based higher-trust identity assurance platform that provides multi-factor authentication (MFA) and dedicated PKI services to secure digital interactions. Axiad IDS expects to roll out support in the back half of this year.

Ben Goodman, SVP, Global Business and Corporate Development, ForgeRock

“ForgeRock is excited to offer WebAuthn as a native authentication option for our identity platform. Hardware authentication enabled by WebAuthn provides a more secure user authentication option, while simultaneously making for an easier, more frictionless experience. This is a “Win-Win” for end-users and application owners.”

ForgeRock’s Intelligent Authentication technology has the capability to orchestrate a multitude of authentication options. WebAuthn support enables ForgeRock to seamlessly extend that functionality to a whole new breed of devices and authenticators.

Jeff Broberg, Sr. Director, Product Management, OneLogin

“WebAuthn simplifies the rollout and adoption of MFA by enabling users to leverage authenticators across mobile and desktop platforms in a more integrated fashion. Combining external authenticators, like the YubiKey, with desktop and mobile biometric sensors benefits both enterprise admins and end users.”

Adopting strong and simple authentication is critical to secure corporate resources from advanced cyber identity threats. With WebAuthn support, OneLogin expands their portfolio of strong authenticator options and makes it simpler for users to choose an authenticator that works best with their primary device.

Arshad Noor, CTO, StrongKey

“We recognize that behavior change is no easy task. Our implementation of FIDO2 and the certification of our FIDO2 server enable us to provide the ease and convenience of WebAuthn to our customers and their users through a safer and more user-friendly alternative to passwords.”

StrongKey has been committed to providing the strongest possible level of encryption and authentication technology to keep data safe for almost two decades. With WebAuthn support, StrongKey delivers phishing-resistant authentication to their users.

Jai Dargan, VP Product Management, Thycotic

“We’re excited to be a part of the Works with YubiKey program, and work together to educate customers about the benefits of strong, hardware-backed MFA.”

Thycotic and Yubico share the same vision that security should be easy to use, even for large organizations with dispersed teams and hundreds of thousands of assets to protect.

Yubico offers free resources and tools for rapidly implementing WebAuthn into an app or service. Visit the Yubico For Developers page to get started. To experience WebAuthn first-hand, visit our WebAuthn demo site.

Learn more about WebAuthn by downloading the WebAuthn Solution Brief

Share this article:

Recommended content


Top five pitfalls companies should avoid when rolling out a passwordless strategy

Given the number of breaches in the news today where passwords were at the root of the problem, many companies are now exploring the benefits of a secure passwordless future. Secure passwordless logins not only bring cost efficiencies and a more frictionless user login experience into the organization, but deliver the security that is necessary ...


Built-in FIDO authenticators and YubiKeys are making the internet safer for all

In 2007, Yubico set out to protect as many people as possible by making secure login easy and available for everyone. We are happy Apple has joined Yubico, Google, and Microsoft on this journey by implementing W3C WebAuthn/FIDO compatible platform authenticators and are pleased to say that now all major platforms have adopted the standards ...


How will authentication standards evolve in 2021 and beyond?

Authentication standards development is like a slow-moving, winding river. It often takes years of dedicated work to reach new milestones, yet it feeds the entire security ecosystem and sustains digital workflow safety throughout the enterprise. While the benefits of this river are often invisible to the end-user, CISOs and developers are thinking about the river’s ...


SIM Swap Protecting Against Account Takeover with WebAuthn

Billions of dollars are being stolen annually due to account takeover fraud.