Passwords, Passkeys and Quantum Computing: The Saga of Logging In

Quick Summary

Traditional passwords are becoming less secure due to poor user habits and cyber threats.
Multi-Factor Authentication (MFA) improves security but has its limitations.
Passkeys offer a passwordless future, using biometrics and cryptographic key pairs.
Users should use password managers, unique passwords, and MFA while transitioning towards passkeys.
Quantum computing could threaten current authentication methods, but post-quantum cryptography is in development.

The fast-paced nature of the digital world is not slowing down but speeding up. Technology is evolving at a staggering rate, with AI and quantum computing moving from the realms of science fiction to reality. Sometimes it can really feel like we’re living in the future.

Predictably, cyber criminals, and even state actors, are trying to use the power of these new technologies to steal your data, money and identity. One of the easiest ways for them to do that is by cracking or accessing your passwords. In this article we’ll delve into the latest developments that have moved us from reusing “password123” on every website through to biometric passkeys and military-grade encryption.

Passwords Episode 1: Traditional Passwords

For years, cyber security experts have advised using strong, unique passwords. However, remembering complex passwords is challenging, leading to bad habits such as password reuse or writing them down. Although, ironically, printing MFA backup codes is advisable if you can keep them physically secure.

To improve security, guidance has shifted away from mandatory password changes and towards tools like Multi-Factor Authentication (MFA) and password managers. But despite these measures, traditional passwords remain a weak link in cyber security.

Best Practices for Managing Passwords: To enhance security, users should:

Use Unique, Complex Passwords:
Leverage a Password Manager: They can securely generate and store complex passwords.
- You MUST secure your password manager with a strong master password and MFA.
Avoid Personal Information Within Your Passwords.
Enable Multi-Factor Authentication (MFA): Most online accounts that hold personal info have this feature available.

While these practices improve security, they are not foolproof and present their own challenges.

Pitfalls in Authentication

Even with extra security measures, authentication methods have weaknesses:

Losing Access to Authentication Devices: Losing a phone could mean being locked out of accounts.
SIM-Jacking Attacks: Hackers trick telecom providers into transferring a victim’s phone number, intercepting SMS authentication codes.
Inconvenience of Hardware Tokens: While effective, they can be lost or forgotten.

These issues highlight the need for a more secure and user-friendly authentication method.

Passwords Episode 2: The Rise of Passkeys

Tech giants like Apple, Google, and Microsoft are championing passkeys, aiming to replace passwords entirely. Passkeys use cryptographic key pairs stored on a user’s device, allowing authentication through biometrics (e.g., Face ID, fingerprint) or a device PIN.

How Passkeys Work

A unique cryptographic key pair is created on a device.
The private key remains securely stored on the device.
Authentication occurs via biometric data or a PIN, eliminating passwords.
The public key verifies the authentication request.

Advantages:

No Passwords to Remember: Which is appealing to most users.
Phishing Resistance: There is no way for a user to expose their credentials.
Cross-Device Synchronisation: You can install passkeys on multiple, secure devices.

Challenges:

Device Dependency: Losing all trusted devices makes account recovery complex.
Adoption Challenges: Service providers must implement passkey support.
Not Widely Understood: Less tech-savvy users may be resistant to implementation.

Passwords Episode 3: Revenge of Quantum Computing

Quantum computers, though still developing, could break widely used encryption algorithms (e.g., RSA, ECC) in seconds using Shor’s algorithm, which efficiently factors large numbers. This poses a major risk to traditional authentication and public-key cryptography.

In short: Using unbelievably powerful processing, quantum computing can effectively attempt every single combination of options to “crack the code” of any current form of encryption. It’s like successfully predicting the results of the lottery, every single time.

Passwords Episode 4: A Quantum-Resistant New Hope

Passkeys rely on public-key cryptography, and many current cryptographic methods could eventually be vulnerable to quantum attacks. However, researchers are actively working on post-quantum cryptographic (PQC) solutions to mitigate this risk.

How Can Passkeys Be Made Quantum-Resistant?

Adopting Post-Quantum Cryptography (PQC): Security experts are developing quantum-resistant encryption under initiatives like NIST’s Post-Quantum Cryptography Standardisation.
Hybrid Cryptographic Models: Combining traditional encryption with quantum-resistant algorithms can provide a gradual transition to full quantum-safe security.
Biometric and Device-Based Authentication: Since passkeys rely on biometric authentication and hardware security modules, they are less vulnerable to direct quantum attacks.

Final Verdict: Are Passkeys the Solution to Quantum Threats?

In the short-term, yes, they offer stronger protection than traditional passwords and reduce phishing and brute-force attack risks. However, in the long-term only if post-quantum cryptography (PQC) is integrated into passkey authentication methods, will they remain effective.

The good news is, the security of authentication is so vitally important to states and commercial entities that scientists and security experts, far smarter than we are, are working on a solution to the quantum threat.

Top Tips for Protecting Your Account Credentials in 2025.

Passwords are gradually being replaced by more secure authentication methods like passkeys, but full adoption will take time. In the meantime, users should:

Follow strong password management practices.
Enable MFA wherever possible.
Stay informed about authentication advancements.

While passwords won’t disappear overnight, the future of authentication is moving towards a more secure, passwordless landscape.

If you would like to upgrade your password infrastructure or general cyber security defences. Speak to one of the team at Trustco today.

Cookie	Duration	Description
aka_debug	session	Vimeo sets this cookie which is essential for the website to play video functionality.
cookielawinfo-checkbox-advertisement	1 year	Set by the GDPR Cookie Consent plugin, this cookie is used to record the user consent for the cookies in the "Advertisement" category .
cookielawinfo-checkbox-analytics	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Analytics".
cookielawinfo-checkbox-functional	11 months	The cookie is set by GDPR cookie consent to record the user consent for the cookies in the category "Functional".
cookielawinfo-checkbox-necessary	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookies is used to store the user consent for the cookies in the category "Necessary".
cookielawinfo-checkbox-others	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Other.
cookielawinfo-checkbox-performance	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Performance".
CookieLawInfoConsent	1 year	Records the default button state of the corresponding category & the status of CCPA. It works only in coordination with the primary cookie.
JSESSIONID	session	The JSESSIONID cookie is used by New Relic to store a session identifier so that New Relic can monitor session counts for an application.
viewed_cookie_policy	11 months	The cookie is set by the GDPR Cookie Consent plugin and is used to store whether or not user has consented to the use of cookies. It does not store any personal data.

Cookie	Duration	Description
bcookie	1 year	LinkedIn sets this cookie from LinkedIn share buttons and ad tags to recognize browser ID.
bscookie	1 year	LinkedIn sets this cookie to store performed actions on the website.
lang	session	LinkedIn sets this cookie to remember a user's language setting.
lidc	1 day	LinkedIn sets the lidc cookie to facilitate data center selection.
li_gc	5 months 27 days	Linkedin set this cookie for storing visitor's consent regarding using cookies for non-essential purposes.
player	1 year	Vimeo uses this cookie to save the user's preferences when playing embedded videos from Vimeo.
UserMatchHistory	1 month	LinkedIn sets this cookie for LinkedIn Ads ID syncing.
__cf_bm	30 minutes	This cookie, set by Cloudflare, is used to support Cloudflare Bot Management.

Cookie	Duration	Description
continually_session	2 hours	This is a cookie that helps us run our chatbot.
sync_active	never	This cookie is set by Vimeo and contains data on the visitor's video-content preferences, so that the website remembers parameters such as preferred volume or video quality.

Cookie	Duration	Description
AnalyticsSyncHistory	1 month	Linkedin set this cookie to store information about the time a sync took place with the lms_analytics cookie.
CONSENT	2 years	YouTube sets this cookie via embedded youtube-videos and registers anonymous statistical data.
vuid	2 years	Vimeo installs this cookie to collect tracking information by setting a unique ID to embed videos to the website.
_ga	2 years	The _ga cookie, installed by Google Analytics, calculates visitor, session and campaign data and also keeps track of site usage for the site's analytics report. The cookie stores information anonymously and assigns a randomly generated number to recognize unique visitors.
_ga_*	1 year 1 month 4 days	Google Analytics sets this cookie to store and count page views.
_ga_4NR2DXZKY6	2 years	This cookie is installed by Google Analytics.

Cookie	Duration	Description
IDE	1 year 24 days	Google DoubleClick IDE cookies store information about how the user uses the website to present them with relevant ads according to the user profile.
li_sugr	3 months	LinkedIn sets this cookie to collect user behaviour data to optimise the website and make advertisements on the website more relevant.
test_cookie	15 minutes	doubleclick.net sets this cookie to determine if the user's browser supports cookies.
VISITOR_INFO1_LIVE	5 months 27 days	A cookie set by YouTube to measure bandwidth that determines whether the user gets the new or old player interface.
YSC	session	YSC cookie is set by Youtube and is used to track the views of embedded videos on Youtube pages.
yt-remote-connected-devices	never	YouTube sets this cookie to store the video preferences of the user using embedded YouTube video.
yt-remote-device-id	never	YouTube sets this cookie to store the video preferences of the user using embedded YouTube video.
yt.innertube::nextId	never	This cookie, set by YouTube, registers a unique ID to store data on what videos from YouTube the user has seen.
yt.innertube::requests	never	This cookie, set by YouTube, registers a unique ID to store data on what videos from YouTube the user has seen.

Trustco PLC