---
title: "Identity, Unlocked...Explained | Episode 5"
description: "John Bradley joins the podcast today to talk about identity management specs, including FIDO2"
authors:
  - name: "Vittorio Bertocci"
    url: "https://auth0.com/blog/authors/vittorio-bertocci/"
date: "Nov 9, 2020"
category: "Developers,Campaigns,Identity Unlocked"
tags: ["identity-unlocked", "podcast", "auth0", "fido2"]
url: "https://auth0.com/blog/identity-unlocked-explained-episode-5/"
---

# Identity, Unlocked...Explained | Episode 5



## The Overview

In this episode of _Identity. Unlocked_, principal architect at [Auth0](https://auth0.com) and podcast host, Vittorio Bertocci, has a conversation with John Bradley. John is the Senior Standard Architect at [Yubico](https://www.yubico.com) and the author of many important specifications pertaining to identity management, including FIDO2. 

As usual, Vittorio begins the interview by asking John how he got into the field of Identity. John overviews his career and when he met Vittorio before turning to his current work on web authorization and FIDO2 standards. John’s current company is Yubico, and in his role with the organization, John wrangles standards. In other words, he represents Yubico at standards organizations and plays referee between companies in order to make sure the entire community is benefited by the companies’ shared work. Moving forward, Vittorio asks John to clarify significant terms for listeners. In order to do so, John shares the story of how Yubico and Google worked on their own program, U2F (Universal Second Factor) authentication, as other companies independently started FIDO. Yubico and Google decided to join FIDO in order to not be seen as competing, and the merged organization joined and developed technology to produce FIDO2. John further clarifies that FIDO2 is a marketing term rather than an actual standard, and the standards at play are WebAuthn and CTAP (Client to Authentication Protocol).

Vittorio and John also discuss details about how this technology works, with Vittorio boiling the ideas down to a description of a browser using CTAP to communicate with an authenticator, who then uses WebAuthn to communicate with a website. On the back end, the FIDO infrastructure is one of the various options for server validation. At this point, John clarifies, he and his team see WebAuthn used more as a second factor for authentication than as the first factor; however, with Apple’s work on multi-factor authentication, John imagines that the pattern of WebAuthn use may change. John expects that people will probably use local face or touch identification for the web credential for individual devices. Once this technology becomes ubiquitous, passwords will become increasingly obsolete. Of course, there are still problems that this vision of the future raises, and John and Vittorio talk through some of these problems, the need for the industry to create new practices, and ways in which authentication will likely become more integrated into our lives (as we’ve seen it start to do in the form of such things as wearable authenticators). As the conversation moves toward a conclusion, Vittorio asks John to share about what his team is working on now and plans to work on in the days ahead, including level 2 of WebAuthn, CTAP 2.1, and much more!

## Key Takeaways

**[4:20]** - John clarifies the history of FIDO and FIDO2
<iframe width="100%" height="230px" scrolling="no" style="border: none" src="https://identityunlocked.auth0.com/player/07ba0635"></iframe>

**[6:13]** - John explains the history of WebAuthn
<iframe width="100%" height="230px" scrolling="no" style="border: none" src="https://identityunlocked.auth0.com/player/3215c0e1"></iframe>

**[10:59]** - Uses of WebAuthn
<iframe width="100%" height="230px" scrolling="no" style="border: none" src="https://identityunlocked.auth0.com/player/16f4f646"></iframe>

**[14:57]** - How do you recover passwords without a roaming authenticator?
<iframe width="100%" height="230px" scrolling="no" style="border: none" src="https://identityunlocked.auth0.com/player/66785f49"></iframe> 

**[18:26]** - Has John ever considered an idea like implants for authentication?
<iframe width="100%" height="230px" scrolling="no" style="border: none" src="https://identityunlocked.auth0.com/player/b871ac90"></iframe>

**[21:45]** - John explains his work in progress and what he sees on the horizon.
<iframe width="100%" height="230px" scrolling="no" style="border: none" src="https://identityunlocked.auth0.com/player/fbaf654a"></iframe>
<br />

### Links/Resources:

Learn more about [John Bradley](https://www.linkedin.com/in/ve7jtb/?originalSubdomain=cl) <br />
Follow [John Bradley on Twitter](https://twitter.com/ve7jtb) <br />
Learn more about [Yubico](https://www.yubico.com/) <br />
Learn more about [FIDO2](https://fidoalliance.org/fido2/) <br />

Vittorio Bertocci on [LinkedIn](https://www.linkedin.com/in/vittoriobertocci/)<br />
Vittorio Bertocci on [Twitter](https://twitter.com/vibronet)<br />

Learn more about [Identity, Unlocked](https://identityunlocked.auth0.com/public/49/Identity%2C-Unlocked.--bed7fada/episodes)<br />
Learn more about [Auth0](https://auth0.com/)<br />

<include src="WebAuthnMeCTA" group="B"/>

<include src="asides/IdentityUnlocked" />

<include src="asides/AboutAuth0" />