Why Credentials Are the Starting Point for Quantum Safe Security

Attackers can already harvest encrypted credentials today and store them for decryption once quantum computers arrive, which makes a credentials-first migration strategy essential.

CSBadmin

The Urgency of Quantum Ready Security

Data encrypted today, including credentials, faces a future threat from quantum computers capable of breaking current public-key cryptography. While no machine yet exists that can crack elliptic curve cryptography or RSA, quantum hardware is advancing rapidly. Attackers can already capture encrypted traffic and store it, waiting until quantum computing catches up so they can decrypt it. This tactic, known as Harvest Now, Decrypt Later, means any data intercepted today could be exposed within the next 15 years, based on the Global Risk Institute’s 2025 Quantum Threat Timeline report showing 51-70% of security specialists expect a cryptographically relevant quantum computer within that timeframe.

The Outsized Risk to Credentials

Not all encrypted data carries equal risk in a post-quantum future. Session tokens and similar secrets have confidentiality lifetimes measured in months, but credentials often persist for years or as long as their associated systems remain active. This makes credentials prime targets for attackers who harvest them now and hold them for future decryption. The risk is amplified by the growing population of Non-Human Identities (NHIs) such as service accounts and API keys. These machine credentials tend to be long-lived because no human rotates them, and they often go uninventoried for cryptographic exposure.

Starting the Migration with Credentials

Organizations should take a credentials-first approach to quantum migration. The process begins by inventorying systems that hold or broker secrets, including password managers, secrets managers, and Privileged Access Management (PAM) platforms. This phase typically uncovers forgotten service accounts and hardcoded secrets. Prioritization should focus on confidentiality lifetime and attacker reachability rather than system size. A small, long-lived secret that brokers access to critical systems outweighs a vast but short-lived dataset. Organizations should adopt hybrid cryptography, combining classical and quantum-resistant algorithms in the same key exchange, and build for crypto-agility so algorithm swaps become configuration changes rather than major reengineering efforts.
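The prioritization rule above can be expressed as a small inventory scorer. This is an added example, not code from the article or its source; the field names, weights, and sample inventory are constructed assumptions, and only the 15-year horizon comes from the text.

```python
from dataclasses import dataclass
from typing import Optional

HORIZON_YEARS = 15  # planning window cited in the article; adjust to your own estimate

@dataclass(frozen=True)
class Secret:
    name: str
    rotation_years: Optional[float]  # None = nobody rotates it (typical for NHIs)
    system_life_years: float         # how long the system it unlocks stays in service
    reachable: bool                  # ciphertext crosses a network an attacker can record
    brokers_critical: bool           # grants access to critical systems
    size_gb: float                   # kept in the inventory, deliberately not scored

def confidentiality_lifetime(s: Secret) -> float:
    """An unrotated secret stays valuable for as long as its system lives."""
    if s.rotation_years is None:
        return s.system_life_years
    return min(s.rotation_years, s.system_life_years)

def score(s: Secret) -> float:
    """Assumed weighting: lifetime vs. horizon, scaled by reachability and impact."""
    exposure = min(confidentiality_lifetime(s) / HORIZON_YEARS, 1.0)
    reach = 1.0 if s.reachable else 0.25
    impact = 2.0 if s.brokers_critical else 1.0
    return round(exposure * reach * impact, 3)

def prioritize(inventory):
    """Highest score first; size_gb never enters the ordering."""
    return sorted(inventory, key=score, reverse=True)

# Constructed sample inventory (illustrative names and values).
INVENTORY = [
    Secret("telemetry-archive", 0.5, 10, True, False, 40000.0),
    Secret("web-session-tokens", 0.25, 10, True, False, 2.0),
    Secret("ci-deploy-service-account-key", None, 8, True, True, 0.000004),
    Secret("pam-vault-admin-credential", None, 10, True, True, 0.000001),
    Secret("hardcoded-db-password", None, 12, False, True, 0.000001),
]

if __name__ == "__main__":
    for s in prioritize(INVENTORY):
        print(f"{score(s):5.3f}  {confidentiality_lifetime(s):5.2f}y  {s.name}")
```

The tiny unrotated service-account and PAM credentials rank first, while the 40 TB telemetry archive with a six-month lifetime lands near the bottom.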

Source: The Hacker News
