Passkeys have been publicly available for roughly a year. Engineered for security and phishing protection, this new form of passwordless authentication is still in the headlines — now under scrutiny.
Some in the industry have questioned the longevity of passkey technology; specifically, how vulnerable they might be in a world where quantum computing is the norm. Many are questioning whether passkeys will remain a formidable force for decades or be rendered a liability faster than you can say “asymmetric cryptography.”
We feel pretty strongly about passkeys around here, so this topic begs to be explored and I’m thrilled you’re joining us for the journey. We have a jam-packed itinerary today: establishing a few fundamentals, traveling through time (no big deal), and uncovering some missing pieces before we arrive at a conclusion.
Are passkeys built to succeed in a world of quantum computing or doomed to fail?
Let’s find out.
Built to win
Passkeys allow you to access your accounts and data without a traditional plaintext password. Behind each individual passkey is actually a pair of keys: a public key and private key.
The public key is just that — publicly available, and safe to share with websites and apps you want to sign in to. Its partner, the private key, is never shared with websites or apps and, in fact, never leaves your 1Password vault unless you choose to securely share a passkey with someone you trust. This security design is based on public key cryptography and differs from the typical username-and-password credentials, which rely on a shared secret.
The long and short of it: Passkeys are among the few inherently secure login methods around. They’re also built for (and on) classic computers — the laptops, phones, and tablets you know and love; the ones you rely on every day.
And worlds away from the computing and devices we’re accustomed to, you’ll find quantum computers.
While quantum computers share some characteristics with classic ones – like algorithms, binary code and objects to encode it – they use quantum bits, or qubits, to process information. And that process is very different from the one that takes place on our everyday devices.
Now I’ll do complete injustice to what is a deeply complex and utterly fascinating topic with a summary (for the sake of brevity).1
Quantum technology capitalizes on subatomic particles and their unique ability to exist in more than one state at a time. When it comes to computing, this means the potential to store vast amounts of information and use minimal energy while doing so (apart from cooling costs, but that’s a tangent for another day). It also means ridiculous speed — processors that are a million or more times faster than those currently available, given certain tasks.
Given such incredible and unprecedented power, the first commercial quantum computer sold in 2011 for a reported $10 million USD. It was a behemoth of a machine used for research and development on the limited number of problems the system was designed to address. But its buyer, Lockheed Martin, planned to build on the technology over time. Twelve years later, the current valuation has only increased thanks to inflation and technological advancements.
But the ability to break otherwise-unbreakable classic cryptography is not among those technological advancements — and may not be as imminent as the hyperbole suggests.
Leaps and bounds
With that out of the way, perhaps your curiosity has shifted to the plausibility. And, to put it bluntly, how much time we have before today’s cybersecurity crashes and burns.
Analyses and subsequent declarations of quantum’s dismantling of classic encryption (and there’s plenty) typically have something in common: Shor’s algorithm.
In 1994, Dr Peter Shor2 presented a quantum algorithm that could solve discrete logarithms in about the same time it took a classic computer to do so — and he saw potential for even better performance. Building on initial findings, Shor went on to show that a (hypothetical) quantum computer could solve prime factorization.
Well, one could argue there are countless ‘problems’ more deserving of a solution given prime factorization is used in many public-key cryptography systems3 — we rely on it to encrypt innumerable secrets every single day.
In other words, when Shor proved quantum computers would have the ability to break large numbers into their prime factors much faster than classic computers, he proved quantum computers could weaken or break many of the encryption methods we use today.
As for the timeline, just last year researchers determined 13 x 10⁶ (13 million) physical qubits and an entire day are required to break 256-bit elliptic curve encryption (ECC). Coincidentally, ECC – specifically Elliptic Curve Digital Signature Algorithm (ECDSA) – is the public key cryptography approach that goes to work every time you log in with a passkey. And as of November 2023, the largest quantum computer ever was 433 physical qubits.
I’m no mathematician, but I believe 13,000,000 is significantly larger than 433; that tells me there’s work to be done before quantum technology can be used to decimate cybersecurity as we know it.
What’s more, as time passed and we learned more about quantum technology and the requirements to break sophisticated classic encryption (i.e. a ton of logic gates are needed to tackle a 2048-bit RSA key), proclamations of doom have been hedged and softened by many, including Dr Shor.
“Softened” is far from disproven, though; we have to consider broken encryption a real (future) possibility. So, let’s do that.
Imagine your passkeys circa 2023 are being used in a world alongside a quantum computer that’s large enough (and of sufficient fault tolerance) to weaken/break classic crypto: a cryptographically relevant quantum computer (CRQC). Those passkey credentials and the accounts they protect would certainly be vulnerable in that exact world.
So, join me, friends, as I abandon passkeys; panic and live in fear!
No, and definitely not. Because there’s a fairly relevant factor some of the folks tackling this issue fail to take into account: The entire hypothesis we’re addressing assumes quantum computing will evolve by leaps and bounds while passkeys remain completely stagnant.
But as quantum computing grows teeth, post-quantum security does, too.
Safe and sound
Cyberattacks grow more sophisticated every day. That’s hardly news. But future advances are factored into crypto-systems in anticipation; essentially design features. That means there’s a ton of work going into thwarting the malicious use of quantum power.
Google released an implementation of quantum-resistant encryption and NIST, an agency of the US government – the US government that reportedly earmarked $1.2 billion of its 2022 defense budget for post-quantum security development – conducted a project to standardize a quantum-resistant public-key algorithm.
And, what relies on public-key crypto? Passkeys.
When they were released to the public in 2022, passkeys were a brand new method of passwordless authentication — let’s call them Passkeys v1.0. They have a lot of room (and time) to grow. It’s highly likely, if not inevitable, passkeys will evolve to be quantum safe.
Which brings us to the other information some of these articles lack: There are different degrees of post-quantum resistance. In other words, an encryption protocol might be less than quantum safe and still be acceptable for use. Dubbed what I’ve decided is the best technological term coined in the 2000s, these protocols are considered quantum annoying (seriously).
Quantum annoying describes an encryption protocol that can be compromised by a quantum computer, but the time and effort required to do so makes it an unattractive and unrealistic target. Crypto-systems that meet this criterion will likely delay the dire need for quantum-safe encryption by a number of years, until quantum computing catches up. Which should provide the time we need to establish quantum-safe crypto.
It may very well prove too expensive and unwieldy to build a quantum computer with a processor capable of cracking strong encryption methods we use today — at least for the foreseeable future. But beyond the foreseeable lies quantum computing that just may be able to break that one passkey you created in 2023 and somehow haven’t used or updated since.4
Your passkeys are secure today (and will be tomorrow), and given the vast development potential of post-quantum security, they’ll likely evolve with that status intact.5
I very much encourage you to
fall down a few rabbit holes/explore the topic on your own. ↩︎Inspired by and building on decades of work by others: https://ep-news.web.cern.ch/content/interview-peter-shor ↩︎
No, it’s not that simple, and forgive me for entirely oversimplifying in the interest of brevity. Learn much more: https://www.livinginternet.com/i/is_crypt_pkc_work.htm ↩︎
This is a stretch for effect as passkeys are much simpler to update than passwords. As PQC becomes more mainstream, users may see prompts from their service to update their passkey. Just one click later and they will be PQ secure. ↩︎
A final disclaimer that we’ve not even scratched the surface today. Grace and forgiveness is appreciated :) ↩︎
Megan Barker
Security Scribbler
Tweet about this post