Google paves way for FIDO2 security keys that can resist quantum computer attacks

Google paves way for FIDO2 security keys that can resist quantum computer attacks

/>

X

Tech
Why you can trust ZDNET : ZDNET independently tests and researches products to bring you our best recommendations and advice. When you buy through our links, we may earn a commission. Our process

‘ZDNET Recommends’: What exactly does it mean?

ZDNET’s recommendations are based on many hours of testing, research, and comparison shopping. We gather data from the best available sources, including vendor and retailer listings as well as other relevant and independent reviews sites. And we pore over customer reviews to find out what matters to real people who already own and use the products and services we’re assessing.

When you click through from our site to a retailer and buy a product or service, we may earn affiliate commissions. This helps support our work, but does not affect what we cover or how, and it does not affect the price you pay. Neither ZDNET nor the author are compensated for these independent reviews. Indeed, we follow strict guidelines that ensure our editorial content is never influenced by advertisers.

ZDNET’s editorial team writes on behalf of you, our reader. Our goal is to deliver the most accurate information and the most knowledgeable advice possible in order to help you make smarter buying decisions on tech gear and a wide array of products and services. Our editors thoroughly review and fact-check every article to ensure that our content meets the highest standards. If we have made an error or published misleading information, we will correct or clarify the article. If you see inaccuracies in our content, please report the mistake via this form.

Close

Google paves way for FIDO2 security keys that can resist quantum computer attacks

Google wants your security keys to be up for the challenges that quantum computers will present.
A FIDO2 security key -- the YubiKey 5C NFC -- offer a high level of protection, but will need better security to defend against quantum computer attacks

A FIDO2 security key — the YubiKey 5C NFC — offer a high level of protection, but will need better security to defend against quantum computer attacks

Adrian Kingsley-Hughes/ZDNET

Security keys are awesome, and if you don’t already have a couple, I suggest you get a couple

Not familiar? A security key is a tiny dongle that connects to your computer or smartphone and replaces insecure SMS messages for account authentication. 

When you’re logging into an account and you’re prompted to authenticate, instead of reaching for your phone to add a code from a text message, you just tap the security key, and you’re in.

Also: This is the ultimate security key. Here’s why you need one

They’re the best thing to happen to online security since password managers. 

However, as we shift into an era where quantum computers are going to be able to handle workloads that are today seen as impossible, security is going to have to work to keep up with the dramatic increase in computational power that this represents.

“While quantum attacks are still in the distant future, deploying cryptography at internet scale is a massive undertaking which is why doing it as early as possible is vital,” writes Elie Bursztein, cybersecurity and AI research director, Fabian Kaczmarczyck, software engineer, on Google’s Security Blog

“In particular, for security keys this process is expected to be gradual as users will have to acquire new ones once FIDO has standardized post-quantum cryptography resilient cryptography and this new standard is supported by major browser vendors.”

Also: 3 security gadgets I never leave home without

How’s Google managing to protect security keys from the power of quantum computers?

“Fortunately, with the recent standardization of public key quantum resilient cryptography including the Dilithium algorithm, we now have a clear path to secure security keys against quantum attacks.”

One of the challenges is to make all this work on the tiny amount of hardware resources available on a security key. According to Google, it has been able to optimize the code to run on as little as 20KB of memory and also made use of hardware acceleration to make sure that the user experience is smooth.

Google hopes to see this quantum computer resilience added to the FIDO2 key specification and supported by major web browsers in the near future.

Also: The best security keys right now: Expert tested

The blog post goes into much greater detail about how this is accomplished.

In the meantime, I recommend protecting yourself in the here and now with a security key. I recommend the YubiKey 5C NFC, which works as a plug-in key using USB-C, and also uses NFC for iPhones and Android devices that support that.

yubikey-5-nfc-security-key

ZDNET RECOMMENDS

YubiKey 5C NFC

The best thing to happen to online security since password managers. 

View at Amazon

Editorial standards

Add a Comment