Security keys are awesome, and if you don’t already have one, I suggest you just buy one.
Don’t know the security keys? A security key is a tiny USB key that plugs into your computer or smartphone and replaces text messages for authenticating your account.
Concretely, when you connect to an account and you are asked to authenticate yourself, instead of grabbing your smartphone to retrieve a code that reaches you by SMS, you just have to press the security key. Here we go. In short, it’s the best thing that’s happened to online security since the advent of password managers.
Computer security will have to follow the dramatic increase in computing power
However, as we enter an era where quantum computers will be able to handle workloads considered impossible today, computer security will have to keep pace with the dramatic increase in computing power that is coming.
“While quantum attacks are still planned for the distant future, deploying internet-scale cryptography is a big undertaking, so getting started as soon as possible is vital. “, write Elie Bursztein, director of cybersecurity and AI research, and Fabian Kaczmarczyck, software engineer, on the Google Computer Security blog.
“For security keys, this process should be gradual as users will need to acquire new ones once FIDO standardizes post-quantum resilient cryptography and this new standard is supported by major browser vendors.”
Optimize code to run on only 20 KB of memory
How does Google manage to protect security keys against the power of quantum computers? “Fortunately, with the recent standardization of public-key quantum resilient cryptography, including the Dilithium algorithm, we now have a path to securing security keys against quantum attacks.”
One of the challenges is getting all this to work on the tiny amount of hardware resources available on a security key. According to Google, it is possible to optimize code to run on just 20 KB of memory and use hardware acceleration to ensure a smooth user experience.
Google hopes that this quantum computing resilience will be added to the FIDO2 key specification and supported by major web browsers in the near future.
The blog post explains in more detail how this was achieved.
In the meantime, I recommend that you protect yourself with a security key. I recommend the YubiKey 5C NFC, which works like a USB-C key, and also uses NFC for iPhones and Android devices that support this technology.
To go further on computing and quantum security
Source: “ZDNet.com”