The FIDO2 industry standard adopted five years ago provides the most secure known way to log in to websites because it doesn’t rely on passwords and has the most secure form of built-in two-factor authentication. Like many existing security schemes today, though, FIDO faces an ominous if distant threat from quantum computing, which one day will cause the currently rock-solid cryptography the standard uses to completely crumble.
Over the past decade, mathematicians and engineers have scrambled to head off this cryptopocalypse with the advent of PQC—short for post-quantum cryptography—a class of encryption that uses algorithms resistant to quantum-computing attacks. This week, researchers from Google announced the release of the first implementation of quantum-resistant encryption for use in the type of security keys that are the basic building blocks of FIDO2.
The best known implementation of FIDO2 is the passwordless form of authentication: passkeys. So far, there are no known ways passkeys can be defeated in credential phishing attacks. Dozens of sites and services now allow users to log in using passkeys, which use cryptographic keys stored in security keys, smartphones, and other devices.