Home / Security / Google paves way for FIDO2 security keys that can resist quantum computer attacks

Google paves way for FIDO2 security keys that can resist quantum computer attacks

A FIDO2 security key -- the YubiKey 5C NFC -- offer a high level of protection, but will need better security to defend against quantum computer attacks

A FIDO2 security key — the YubiKey 5C NFC — offer a high level of protection, but will need better security to defend against quantum computer attacks

Adrian Kingsley-Hughes/ZDNET

Security keys are awesome, and if you don’t already have a couple, I suggest you get a couple

Not familiar? A security key is a tiny dongle that connects to your computer or smartphone and replaces insecure SMS messages for account authentication. 

When you’re logging into an account and you’re prompted to authenticate, instead of reaching for your phone to add a code from a text message, you just tap the security key, and you’re in.

Also: This is the ultimate security key. Here’s why you need one

They’re the best thing to happen to online security since password managers. 

However, as we shift into an era where quantum computers are going to be able to handle workloads that are today seen as impossible, security is going to have to work to keep up with the dramatic increase in computational power that this represents.

“While quantum attacks are still in the distant future, deploying cryptography at internet scale is a massive undertaking which is why doing it as early as possible is vital,” writes Elie Bursztein, cybersecurity and AI research director, Fabian Kaczmarczyck, software engineer, on Google’s Security Blog

“In particular, for security keys this process is expected to be gradual as users will have to acquire new ones once FIDO has standardized post-quantum cryptography resilient cryptography and this new standard is supported by major browser vendors.”

Also: 3 security gadgets I never leave home without

How’s Google managing to protect security keys from the power of quantum computers?

“Fortunately, with the recent standardization of public key quantum resilient cryptography including the Dilithium algorithm, we now have a clear path to secure security keys against quantum attacks.”

One of the challenges is to make all this work on the tiny amount of hardware resources available on a security key. According to Google, it has been able to optimize the code to run on as little as 20KB of memory and also made use of hardware acceleration to make sure that the user experience is smooth.

Google hopes to see this quantum computer resilience added to the FIDO2 key specification and supported by major web browsers in the near future.

Also: The best security keys right now: Expert tested

The blog post goes into much greater detail about how this is accomplished.

In the meantime, I recommend protecting yourself in the here and now with a security key. I recommend the YubiKey 5C NFC, which works as a plug-in key using USB-C, and also uses NFC for iPhones and Android devices that support that.

yubikey-5-nfc-security-key

ZDNET RECOMMENDS

YubiKey 5C NFC

The best thing to happen to online security since password managers. 


Source link

About admin

Check Also

How to use Norton’s free AI-powered scam detector

Norton You’ve received an email, text, or website notification that’s triggering your Spidey senses, so ...

Leave a Reply

Your email address will not be published. Required fields are marked *