Why you can trust ZDNET
:ZDNET independently tests and researches products to bring you our best recommendations and advice. When you buy through our links, we may earn a commission.Our process
'ZDNET Recommends': What exactly does it mean?
ZDNET's recommendations are based on many hours of testing, research, and comparison shopping. We gather data from the best available sources, including vendor and retailer listings as well as other relevant and independent reviews sites. And we pore over customer reviews to find out what matters to real people who already own and use the products and services we’re assessing.
When you click through from our site to a retailer and buy a product or service, we may earn affiliate commissions. This helps support our work, but does not affect what we cover or how, and it does not affect the price you pay. Neither ZDNET nor the author are compensated for these independent reviews. Indeed, we follow strict guidelines that ensure our editorial content is never influenced by advertisers.
ZDNET's editorial team writes on behalf of you, our reader. Our goal is to deliver the most accurate information and the most knowledgeable advice possible in order to help you make smarter buying decisions on tech gear and a wide array of products and services. Our editors thoroughly review and fact-check every article to ensure that our content meets the highest standards. If we have made an error or published misleading information, we will correct or clarify the article. If you see inaccuracies in our content, please report the mistake via this form.
They're the best thing to happen to online security since password managers.
However, as we shift into an era where quantum computers are going to be able to handle workloads that are today seen as impossible, security is going to have to work to keep up with the dramatic increase in computational power that this represents.
"While quantum attacks are still in the distant future, deploying cryptography at internet scale is a massive undertaking which is why doing it as early as possible is vital," writes Elie Bursztein, cybersecurity and AI research director, Fabian Kaczmarczyck, software engineer, on Google's Security Blog.
"In particular, for security keys this process is expected to be gradual as users will have to acquire new ones once FIDO has standardized post-quantum cryptography resilient cryptography and this new standard is supported by major browser vendors."
One of the challenges is to make all this work on the tiny amount of hardware resources available on a security key. According to Google, it has been able to optimize the code to run on as little as 20KB of memory and also made use of hardware acceleration to make sure that the user experience is smooth.
Google hopes to see this quantum computer resilience added to the FIDO2 key specification and supported by major web browsers in the near future.
The blog post goes into much greater detail about how this is accomplished.
In the meantime, I recommend protecting yourself in the here and now with a security key. I recommend the YubiKey 5C NFC, which works as a plug-in key using USB-C, and also uses NFC for iPhones and Android devices that support that.