The advent of quantum computing brings both promise and peril. While quantum computers will allow us to solve complex problems far beyond the capabilities of classical computers, they may also be able to crack encryption that secures our data today, including passwords.
Most passwords and sensitive data on the internet are protected by public key cryptography standards like RSA and ECC. These rely on the difficulty of factoring large prime numbers to secure data. However, quantum computers will be able to easily break this kind of encryption through Shor’s algorithm. So what does this mean for password security in the coming quantum era?
Preparing for the Post-Quantum World
Fortunately, the cybersecurity community is already working on building post-quantum cryptography (PQC) standards. PQC uses different hard mathematical problems like lattice-based and multivariate cryptography that won’t succumb to quantum algorithms. Major internet organisations like Google, Microsoft, and Mozilla are researching and implementing quantum-safe encryption.
For now, experts recommend users continue using long, unique passwords for each account. Enable multi-factor authentication (MFA) like biometrics or codes sent to your mobile when available. While not impervious to quantum threats, these steps bolster password security substantially. As quantum computing matures, we may see shifts like adopting passphrases over passwords or QR codes over SMS for MFA.
When Will This Become a Real Threat?
Mainstream quantum computing capable of breaking RSA and ECC at scale is likely still years away. But prudent planning means beginning the transition to PQC now. The US National Institute of Standards and Technology (NIST) is currently assessing PQC algorithms with the goal of standardizing the most secure options.
Once standards are set, implementation will take time. Most estimate this full upgrade to quantum-safe encryption could take 5-10 years. So for typical internet users, the quantum threat to passwords is not imminent. With careful preparation, we can ensure a smooth and secure transition.
Other Quantum-Safe Security Measures
Beyond PQC standards, security experts recommend additional steps to safeguard passwords and data against quantum threats:
- Use password managers with local encryption to generate and store unique random passwords.
- Favor symmetric encryption and quantum-resistant hash functions like SHA-3.
- Leverage blockchain technology, which is considered quantum-safe.
- Adopt physical security keys that provide protection beyond simple passwords.
The Future of Password Security
Quantum computing will necessitate upgrades to cybersecurity practices we’ve relied on for decades. But with preparation and continued research into quantum-resistant solutions, password and data security will evolve to meet these new challenges. Maintaining strong unique passwords and enabling MFA provides substantial security for now.
As individuals and organisations implement emerging post-quantum standards over the next 5-10 years, password security will be re-architected. But with prudent steps taken today, the quantum leap can be made securely.