Hi [[ session.user.profile.firstName ]]

Technical Overview: FIDO2 WebAuthn Data Flows, Attestation, and Passwordless

Watch this webinar for a technical overview of WebAuthn for web applications. This session is led by Emil Lundberg, a key contributor and one of the nine editors of the W3C WebAuthn specification.

Join us for a deep dive into the core concepts required to integrate WebAuthn into your web application, including what happens behind the scenes during registration and authentication.

Key topics include:
- FIDO Authentication, CTAP, and WebAuthn
- Registration Walkthrough
- What is Attestation?
- Resident Keys
- Second-Factor Authentication
- Password-less Authentication

This webinar is intended for software engineers, developers, software architects, and product managers, though it is open to anyone interested on the topic.
Recorded Jun 21 2018 32 mins
Your place is confirmed,
we'll send you email reminders
Presented by
Emil Lundberg, Luke Walker
Presentation preview: Technical Overview: FIDO2 WebAuthn Data Flows, Attestation, and Passwordless

Network with like-minded attendees

  • [[ session.user.profile.displayName ]]
    Add a photo
    • [[ session.user.profile.displayName ]]
    • [[ session.user.profile.jobTitle ]]
    • [[ session.user.profile.companyName ]]
    • [[ userProfileTemplateHelper.getLocation(session.user.profile) ]]
  • [[ card.displayName ]]
    • [[ card.displayName ]]
    • [[ card.jobTitle ]]
    • [[ card.companyName ]]
    • [[ userProfileTemplateHelper.getLocation(card) ]]
  • Channel
  • Channel profile
  • 2020 Password & Authentication Security on the Path to Digital Transformation Mar 18 2020 5:00 pm UTC 60 mins
    Dr. Larry Ponemon, Chairman & Founder, Ponemon Institute; Abby Guha, Sr, Director Enterprise Product Marketing, Yubico
    The Ponemon Institute recently surveyed 2,507 IT and IT security practitioners in the United States, United Kingdom, Germany, France, Sweden, and Australia regarding password and authentication behaviors. Additionally, 563 individual users were surveyed to understand the differences in security behaviors between IT security practitioners and individuals. The findings were enlightening in answering questions like:

    What information are businesses and individuals most concerned with protecting? How many respondents admit to reusing passwords for workplace accounts? And how does the state of passwords and authentication impact a company’s ability to progress toward Digital Transformation?

    Register for this webinar to:
    - See how IT security and individual users respond to security threats
    - Understand security behaviors and practices in the workplace
    - Gauge the popularity of passwordless authentication
    - Clarify how businesses can protect customer accounts with strong two-factor authentication
    - Discover the increased risk to businesses with personal mobile devices being brought into the workplace
  • Conveniently Protecting Cryptocurrency Assets Mar 12 2020 5:30 pm UTC 45 mins
    * Lance Vick, Lead Security Engineer, BitGo, Guido Appenzeller, Chief Product Officer, Yubico
    One of the primary impediments standing between cryptocurrency and mass adoption has been the process for securing the digital assets. Earlier methods created challenging user experiences at either the user or exchange level when trying to ensure protection. Luckily, strong authentication no longer has to be burdensome. This webinar explores how a progressive cryptocurrency exchange adopted and endorsed a secure authentication method that protects its customers' in a way that is as easy to use as it is strong.

    Attend this webinar to:

    * Learn about current perceptions surrounding cryptocurrecy account and exchange security
    * Hear practical advice for better security from BitGo's Lead Security Engineer
    * Explore how a physical, multi-protocol key has become a vital ingredient for wider cryptocurrency adoption and use
  • YubiEnterprise Services: Hardware Authenticators as a Service Recorded: Feb 20 2020 46 mins
    Suresh Thiru - Vice President, Product Management; Percy Wadia - Sr. Director, Product Management
    Flexible purchasing, seamless upgrades and automated provisioning -

    Organizations are looking for better and more efficient ways to improve security while making it easier for users to adopt best practices and enhance productivity. Hardware based security keys provide the best security, however purchasing and provisioning them to users on a global scale can be challenging for some organizations.

    With YubiEnterprise Services, organizations can now eliminate the logistical, budgetary, or planning challenges associated with achieving company-wide security with strong authentication. Moving from CAPEX to OPEX makes predictable spending possible, introduces more flexibility, and paves the way to easily replace keys or even upgrade to the latest keys. And, with the option of Yubico handling all logistics end-to-end for keys distribution, getting users up and running on industry-leading authentication has never been easier.

    Attend this webinar to:
    - Learn how how hardware authenticators sold as a service create convenience, predictability, and expanded security
    - Discover how shifting hardware key purchases from CapEx to OpEx makes smart business sense and provides increased flexibility
    - Explore how YuboEnterprise services can remove the burden of managing and distributing YubiKeys to all your users
  • Empower the Workplace using Modern Authentication Recorded: Jan 23 2020 44 mins
    Jeff Broberg, Senior Director of Product Management, OneLogin / Karen Larson, Integrations Program Manager, Yubico
    Passwords typically lead the entryway for accessing a company’s assets. However, with the increase in data breaches due to weak passwords, organizations are looking for better alternatives when it comes to authentication.

    Learn how WebAuthn helps organizations move away from passwords and towards a reduced password environment. Now organizations have the flexibility and options to leverage biometrics authentication for seamless user experience, without compromising security.

    View this webinar to learn:

    -How modern biometrics authentication impacts today’s workforce
    -Use cases of WebAuthn/FIDO2
    -Best practices to employ WebAuthn/FIDO2 authentication to enable secure access to your organization’s assets
  • Leverage Microsoft Azure AD and YubiKeys for MFA in the Enterprise Recorded: Dec 17 2019 53 mins
    Derek Hanson, VP Solution Architecture, Yubico / Libby Brown, Sr. Program Manager, Cloud Authentication, Microsoft
    For many enterprise organizations, one of the challenging components to going passwordless is an environment that includes on-premise and cloud applications. Innovations from both Microsoft and Yubico support the flow of secure authentication using different identity and access management methods. During this webinar, we will go deeper into use cases involving the passwordless setup for mixed environments utilizing YubiKeys

    Attend this technical webinar to learn about:

    * Azure AD architecture for passwordless
    * The journey towards passwordless for enterprise organizations
    * Enabling YubiKeys for passwordless authentication
  • Go Passwordless with Yubico and Microsoft: WebAuthn, FIDO2 and Azure AD Recorded: Dec 12 2019 52 mins
    Hormazd Romer, VP Product Marketing, Yubico and Jon Wojan,Partner Technical Architect, Microsoft
    Secure passwordless authentication is coming to a computer near you! WebAuthn, a new standard published by the W3C, along with the FIDO2 spec now make this promise a reality. Microsoft’s upcoming support for Windows 10 passwordless login via Azure Active Directory means soon hundreds of millions of users will be able to experience the convenience of passwordless login at a higher level of security than the traditional combination of password and multi-factor authentication (MFA).

    Experts from Yubico and Microsoft will provide an overview of the journey to passwordless, its key benefits, and why it is more secure than typical MFA.

    Attend this webinar to learn:

    * The roadmap to passwordless
    * Use cases and advantages of the WebAuthn and FIDO2 standards
    * How passwordless will work with Windows 10 and Azure AD
    * How to get started with passwordless authentication
  • Top 5 Best Practices for Strong Authentication in Call Centers Recorded: Nov 7 2019 30 mins
    Abby Guha, Senior Director Product Marketing, Yubico
    The call center plays a pivotal role in the success of an organization and its brand perception. Call center agents not only solve customer problems on a daily basis, but they help build customer relationships.

    In order to do their jobs, agents frequently access sensitive and protected data. The importance of high security operations in a call center cannot be overstated--customer and financial data needs to be protected and accessed securely at all times.

    View this webinar to learn:

    * The current challenges faced by call centers
    * The top 5 best practices for strong authentication
    * The optimal approach to maximize productivity, mitigate threats, and meet compliance requirements
  • Tips, Tricks & Predictions to Help Navigate Today’s Cyber Security Challenges Recorded: Nov 6 2019 64 mins
    Corey Williams, Idaptive / Alex Yakubov, Yubico / Benjamin Rice, Bitglass / David Szabo, Palo Alto Networks
    Hear executives from Idaptive and leading security firms Yubico, Bitglass and Palo Alto Networks engage in a lively roundtable discussion inspired by National Cyber Security Awareness Month (NCSAM) and the goal of providing cyber security education and guidance to enterprises and individuals alike.

    Each of the distinguished panelists shares security tips, tricks and recommendations that organizations can put to use to improve or enhance the security of their business. They’ll also provide tips that individual consumers can put to use as they navigate today’s complex digital world.

    Panelists also share predictions about the security challenges that may lie ahead in 2020, and what organizations, in particular, can do to anticipate and mitigate these challenges.

    This unique panel is comprised of executives from the leading organizations in Identity-as-a-Service (IDaaS), hardware authentication security keys, Next-Gen CASB, and technology and infrastructure for cloud, network and mobile device protection.


    * Helpful insights and ideas for improving your organization’s security posture
    * Perspectives representing a variety of security disciplines
    * A look ahead to 2020 that will help with cyber security planning and investment prioritization

    Moderator: Corey Williams, VP Strategy & Marketing, Idaptive

    Panelists: Alex Yakubov, VP Partner Marketing, Yubico / Benjamin Rice, VP Business Development, Bitglass / David Szabo, Director of Product Marketing, Cortex Data Lake Palo Alto Networks
  • Empower the Workplace using Modern Authentication Recorded: Oct 29 2019 45 mins
    Jeff Broberg, Senior Director of Product Management, OneLogin / Karen Larson, Integrations Program Manager, Yubico
    Passwords typically lead the entryway for accessing a company’s assets. However, with the increase in data breaches due to weak passwords, organizations are looking for better alternatives when it comes to authentication.

    Learn how WebAuthn helps organizations move away from passwords and towards a reduced password environment. Now organizations have the flexibility and options to leverage biometrics authentication for seamless user experience, without compromising security.

    View this webinar to learn:

    -How modern biometrics authentication impacts today’s workforce
    -Use cases of WebAuthn/FIDO2
    -Best practices to employ WebAuthn/FIDO2 authentication to enable secure access to your organization’s assets
  • SIM Swap and Mobile Authentication Challenges: Protect Against Account Takeovers Recorded: Oct 22 2019 52 mins
    Hormazd Romer, VP of Product Marketing, Yubico
    Account takeovers from SIM swap attacks that target taking over a mobile phone number are on the rise.

    Although multi-factor authentication (MFA) is recommended to provide strong authentication, not all MFA solutions are created equal. SMS and mobile-based authentication methods have been very common, but as recent news headlines have shown, are not very secure.

    Information security professionals should realize they can no longer rely on phone numbers as a secure method of strong authentication. In fact, NIST has deprecated the use of SMS authentication in their guidelines. Similarly other mobile based authentication methods can also be susceptible to phishing and man-in-the-middle (MITM) attacks.

    Attend this webinar to learn:

    * The challenges with current phone-based authentication methods
    * The pros and cons of each authentication method
    * How FIDO2 and WebAuthn, the new authentication standards, enable strong, user-friendly authentication
    * Best practices for enterprise authentication
  • New Strategies to Protect Healthcare Employees from Breaches, Scams & User Error Recorded: Sep 20 2019 56 mins
    Andy Nieto, Global Healthcare Solutions Manager, Lenovo / Allison Heeter, NA Brand Ambassador, Lenovo / Abby Guha, Sr. Direct
    In a recent Lenovo Health webinar, fifty percent of the participants confirmed that employee neglect represents their biggest security threat--and with good reason. It has been found that healthcare employees click on 1 out of every 7 phishing email scams, and nearly a quarter of healthcare employees write their user names and passwords near their computers.

    Fortunately, a multitude of security tools are available now to simplify security and protect employees from costly missteps. In this session, a panel of security experts will share their insights on the most effective employee security strategies, including:

    * How to identify your organization's greatest risks
    * The latest hardware and software solutions for data and identity protection
    * Best practices for ongoing employee education
  • Enabling Passwordless Authentication with a Secure Root of Trust Recorded: Sep 19 2019 43 mins
    Abby Guha, Senior Director Product Marketing, Yubico
    Even though many organizations have implemented multi-factor authentication (MFA) through mobile push, or One Time Passwords (OTP) via SMS and mobile apps, these authentication techniques have been shown to be very vulnerable to account takeovers.

    As most users have multiple devices they use on a day-to-day basis to log into websites, services and applications, how do you enable fast, easy, and secure authentication to every device? New standards such as FIDO2 and WebAuthn now make this possible, and easy to implement.

    Attend this session to learn:

    * What is a root of trust
    * Why a secure root of trust is important
    * How a WebAuthn powered root of trust works
    * The key benefits of passwordless login for your employees, partners, and customers
    * Portable root of trust use cases
  • Paving the Way to a Passwordless Future Recorded: Aug 21 2019 64 mins
    Abby Guha, Senior Director, Product Marketing, Yubico; Jim Manico, Founder, Manicode Security
    It is increasingly apparent that authenticating only with username and password is no longer sufficient as stolen passwords are responsible for 81% of data breaches. And even though many organizations have implemented multi-factor authentication (MFA) through mobile push, or One Time Passwords (OTP) via SMS and mobile apps, these authentication techniques have been shown to be vulnerable to account takeovers.

    Attend this webinar to learn:

    * How WebAuthn, the new web authentication standard, is paving the way for a highly secure passwordless future
    * The key benefits of passwordless login for your employees, partners, and customers
    * Best practices for enterprise authentication
  • Improving Enterprise Authentication: Taming the Password Beast Recorded: Jul 26 2019 62 mins
    John Pironti, President, IP Architects / Jerrod Chong, Chief Solutions Officer, Yubico
    Many enterprises have implemented some basic methods for managing user authentication to sensitive data, and some have even mastered the “single sign-on” problem for data access. But today’s IT environment increasingly involves a wide range of user devices and locations, including mobile equipment, cloud services, and even Internet of Things devices. In this Dark Reading webinar, top experts will discuss emerging methods for solving the authentication problem, and for building authentication strategies that go beyond the enterprise premises.

    Attend this webinar and you'll learn:

    * what essential questions you must ask yourself and your service providers, before designing an authentication strategy for your business

    * why the FIDO2 / WebAuthn standard shifts authentication paradigms and might support your identity and access management strategy

    * how to support better security and lower friction for both internal and external users

    * what to consider now if you want your authentication strategy to stand the test of time (and whether passwords should be part of the long-term plan)
  • Okta + Yubico: The Path to Passwordless Recorded: Jul 17 2019 46 mins
    Derek Hanson, VP Solutions Architecture and Alliances, Yubico and Swaroop Sham, Product Marketing, Okta
    Using WebAuthn to deliver secure and seamless authentication

    The current use of username and password authentication creates heavy support load due to helpdesk calls, resulting in lost productivity and high IT costs. While two-factor and multi-factor authentication have been demonstrated to be effective in protecting users from account takeover, the lack of global web standards has hampered widespread adoption to date.

    Web Authentication, or WebAuthn, is a new global standard introduced by the World Wide Web Consortium (W3C) and FIDO Alliance for secure authentication to web applications. WebAuthn defines a standard API that enables web applications to easily invoke strong authentication without a password via built-in support to all leading browsers and web platforms.

    With WebAuthn, users and organizations now have more flexibility and can leverage strong authentication using a combination of an external authenticator, such as a security key, and an internal platform authenticator, such as a biometric touchpad or camera on a laptop to access their web service.

    In this webinar, the speakers will cover:

    * Shortcomings of current authentication methods
    * WebAuthn background and its benefits
    * How to achieve strong, user-friendly authentication and move towards passwordless logins
  • Authentication: It's All About the User Experience Recorded: Jun 13 2019 59 mins
    Matt Bromiley,SANS Instructor & Incident Responder and Hormazd Romer, VP of Product Marketing, Yubico
    Authentication: It's All About the User Experience

    Authentication, including passwords, remains a weak link for enterprise security, despite many attempts to improve or strengthen it. Because people must authenticate themselves, effective authentication depends heavily on users, whose experience and willingness to comply often compromise security. This SANS webcast and associated new paper looks at the current state of authentication and ways to deploy a better process.

    SANS senior instructor Matt Bromiley, with insights from Yubico’s Hormazd Romer will talk about the challenges with passwords, existing authentication technologies and recent developments to improve authentication. The role of industry standards, including WebAuthn, will be addressed, along with specific recommendations to implement strong authentication. that protect the organization and provide a better experience for your users.
  • The Future of Authentication: How Two Factor Authentication is Dying Recorded: Jun 2 2019 59 mins
    Dr. Johannes Ullrich, SANS
    We all know that passwords do not work. For many years, ubiquitous phishing attacks, brute forcing, and credential stuffing using reused passwords has shown that organizations should not rely on passwords to authenticate users. This has pushed many organizations to race to implement two factor authentication.

    Two factor authentication has become a lot cheaper and simpler to implement in recent years, but the bad guys didn't rest on their data stashes either, and implemented some effective means to attack sites protected by two factor authentication. In addition, more and more users are using mobile devices as primary means to access web applications. Mobile web applications are often difficult to use with complex passwords and two factor authentication.

    Luckily, standard organizations have been working on this problem, and we now have some emerging standards that are being deployed in popular browsers. In this webcast, you will earn how these new standards like WebAuthn work, how to implement them, and what attacks they protect from.
  • Enabling GRC with Secure Authentication Across the Digital Ecosystem Recorded: May 30 2019 77 mins
    IT GRC Forum
    The days of securing a well-defined perimeter around your organization are gone. The cloud, mobile technologies, the internet of things (IoT) and diverse user groups freely exchange data across digital ecosystems, network and economies. This fluidity, however, means that organizations must secure access at multiple points throughout the organization, or risk letting in intruders seeking to hijack data.

    To manage the increasingly diverse digital landscape, IT and security managers need to move beyond usernames and passwords, and expand their use of multi-factor authentication (MFA) to help provide secure and convenient access to the critical data and systems users need. On this webinar our panel of experts will address how secure authentication can help enable GRC across the digital ecosystem, and they will share tips on:

    • Securing access at all points across applications, devices, users and environments.
    • Sharing insights across security systems to strengthen security.
    • Collecting and analyzing information to stop attacks.
    • How MFA can transform secure access—to any application, from any device, anywhere, at any time.
    • Strengthening identity assurance with privileged users.

    Moderator: Colin Whittaker, founder of Informed Risk Decisions

    Panelists: Jerrod Chong, SVP of Product at Yubico; Richard Bird, Chief Customer Information Officer at Ping Identity; Teju Shyamsundar, Senior Product Marketing Manager at Okta; and Andy Smith, Vice President of Product Marketing at Centrify.
  • Securing PKI with PrimeKey EJBCA and the YubiHSM 2 by Yubico Recorded: May 6 2019 35 mins
    Chris Job - PrimeKey, Professional Services Team Leader / Sebastian Elfors - Yubico, Solutions Architect
    Hardware security modules are table stakes when it comes to maintaining customer trust to protect against data theft and compromise. The world’s smallest hardware security module from Yubico, the YubiHSM 2, is now compatible with EJBCA for a range of public key infrastructure (PKI) use cases. PrimeKey and Yubico offer open source software and tools for implementing PKI based on PrimeKey’s EJBCA and the YubiHSM 2.

    Join Yubico Solutions Architect Sebastian Elfors,and PrimeKey Professional Services Team Leader Chris Job, for a technical webinar on how to secure your most critical data with PrimeKey EJBCA and the YubiHSM 2.

    This session will include:

    * An introduction to securing PKI with a hardware security module
    * Primary setup of the YubiHSM 2
    * Deploying YubiHSM 2 with PrimeKey’s EJBCA
    * Configuring the YubiHSM PKCS #11 library
    * Configuring EJBCA for use with YubiHSM 2
    * Adding and activating YubiHSM 2 Crypto Token in EJBCA AdminWeb
    * And more

    It is highly recommended that attendees read the EJBCA with YubiHSM 2 Usage Guide prior to attending this session in order to get a good baseline understanding.

    The usage guide is available here: https://developers.yubico.com/YubiHSM2/Usage_Guides/EJBCA_with_YubiHSM2.html
  • Enabling Digital Transformation: Best Practices for Authentication Recorded: Mar 13 2019 45 mins
    Abby Guha, Sr. Director, Product Marketing, Yubico
    The digital transformation of financial services is placing new demands on organizations looking to balance ease-of-use with security and stringent compliance regulations. How should financial services organizations provide secure access to customer information, account details, and other sensitive information without all the complexity?

    Most systems and applications require passwords and some may even have text based mobile authentication, but is that enough? How can organizations take advantage of new models for user authentication that offer opportunities to deliver ease of use while adhering to stringent security requirements.

    Attend this webinar to learn:

    - Risky password practices being used in workplaces
    - Best practices for enterprise authentication
    - How to mitigate risk with multi-factor authentication
    - Use cases for providing strong authentication to your employees and customers
Your Key to a Safer Internet
Yubico was founded in 2007 with the mission to make secure login easy and available for everyone. In close collaboration with leading internet companies and thought leaders, Yubico co-created the FIDO U2F and FIDO2/WebAuthn open authentication standards, which have been adopted in major online platforms and browsers, enabling two-factor, multi-factor, and passwordless login and a safer internet for billions of people.

Embed in website or blog

Successfully added emails: 0
Remove all
  • Title: Technical Overview: FIDO2 WebAuthn Data Flows, Attestation, and Passwordless
  • Live at: Jun 21 2018 6:00 pm
  • Presented by: Emil Lundberg, Luke Walker
  • From:
Your email has been sent.
or close