Google paves way for FIDO2 security keys that can resist quantum computer attacks

Security keys are awesome, and if you don’t already have a couple, I suggest you get a couple. 

Not familiar? A security key is a tiny dongle that connects to your computer or smartphone and replaces insecure SMS messages for account authentication. 

When you’re logging into an account and you’re prompted to authenticate, instead of reaching for your phone to add a code from a text message, you just tap the security key, and you’re in.

Also: This is the ultimate security key. Here’s why you need one

They’re the best thing to happen to online security since password managers. 

However, as we shift into an era where quantum computers are going to be able to handle workloads that are today seen as impossible, security is going to have to work to keep up with the dramatic increase in computational power that this represents.

“While quantum attacks are still in the distant future, deploying cryptography at internet scale is a massive undertaking which is why doing it as early as possible is vital,” writes Elie Bursztein, cybersecurity and AI research director, Fabian Kaczmarczyck, software engineer, on Google’s Security Blog. 

“In particular, for security keys this process is expected to be gradual as users will have to acquire new ones once FIDO has standardized post-quantum cryptography resilient cryptography and this new standard is supported by major browser vendors.”

Also: 3 security gadgets I never leave home without

How’s Google managing to protect security keys from the power of quantum computers?

“Fortunately, with the recent standardization of public key quantum resilient cryptography including the Dilithium algorithm, we now have a clear path to secure security keys against quantum attacks.”

One of the challenges is to make all this work on the tiny amount of hardware resources available on a security key. According to Google, it has been able to optimize the code to run on as little as 20KB of memory and also made use of hardware acceleration to make sure that the user experience is smooth.

Google hopes to see this quantum computer resilience added to the FIDO2 key specification and supported by major web browsers in the near future.

Also: The best security keys right now: Expert tested

The blog post goes into much greater detail about how this is accomplished.

In the meantime, I recommend protecting yourself in the here and now with a security key. I recommend the YubiKey 5C NFC, which works as a plug-in key using USB-C, and also uses NFC for iPhones and Android devices that support that.