Quantum Computing Is Coming for Your Passwords—Here’s What to Do Before That Happens

Future hackers may already be collecting your data—strengthen your security before it’s too late.
Published: 5/5/2026, 10:29:48 AM EDT

Quantum computers are being developed that are powerful enough to break the encryption protecting your passwords, bank accounts, and personal data. That future is nearer than most people think, near enough that the U.S. federal government finalized new encryption standards in 2024 to prepare for it.

You don’t need to understand quantum physics to protect yourself. Solutions such as a password manager, longer pass-phrases, and hardware security keys are available right now.

Here’s what the threat actually looks like and what to do about it today.

Why Your Passwords Are at Risk

Every time you log into your bank, your email, or your health records portal, your data are protected by encryption. That encryption works by creating math problems that would take a regular computer thousands of years to solve.
Quantum computers don’t play by the same rules. They use the principles of quantum mechanics to process information in ways that make certain math problems exponentially easier to crack. And that includes the ones protecting your accounts.
This isn’t science fiction. In August 2024, the National Institute of Standards and Technology (NIST) finalized its first three post-quantum cryptography standards and declared them ready for immediate use. When the federal government moves that fast on a technical standard, the threat driving it is real.

The Threat You Haven’t Heard Of: Harvest Now, Decrypt Later

You might think: “Quantum computers aren’t powerful enough to break my passwords yet, so I have time.” That’s partly true, but there’s a catch.
Bad actors are already running what security researchers call harvest now, decrypt later (HNDL) attacks. The strategy is straightforward:
  • Collect encrypted data now (e.g., bank records, health files, legal documents, private communications).
  • Store it until quantum computers are powerful enough.
  • Decrypt it later, when the math becomes solvable.
Today’s data—your data—can be compromised years from now, even if they are currently locked behind strong encryption. Sensitive information transmitted today may already be in someone’s archive, waiting for the hardware to catch up.
Cybersecurity professionals aren’t waiting for “Q-Day,” the point when quantum computers can reliably break modern encryption, to start acting.

What This Means for Your Everyday Accounts

The accounts most exposed to quantum-era threats are the ones where the stakes are highest:
| Account Type | Why It’s at Risk |
| --- | --- |
| Online banking and brokerage | High-value financial data worth storing for future decryption |
| Tax-filing portals (IRS, TurboTax) | Highly sensitive financial and identity data |
| Health records and insurance portals | Valuable personal data with long-term significance |
| Email accounts | Often the master key to resetting everything else |
| Social media with saved payment info | Linked financial data and identity exposure |
The accounts you protect weakly today are the ones that will hurt most if harvest now, decrypt later attacks pay off later.

3 Things You Can Do Right Now

Merely waiting for banks or tech companies to upgrade their infrastructure isn’t a good plan.
Instead, consider these steps to improve your security immediately and position yourself better as the quantum threat matures.

1. Switch to Pass-phrases Instead of Passwords

The single most accessible upgrade you can make is length. A short, complex password like Tr0ub4dor&3 is far weaker than a long, memorable phrase like correct-horse-battery-staple-74.
Why length matters:
  • Complexity makes a password harder to guess for humans.
  • Length makes it exponentially harder for computers, quantum or otherwise, to crack.
  • Aim for at least 16–20 characters, ideally using four or more unrelated words.
Avoid phrases pulled from songs, books, or movies. Random word combinations are stronger.
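To make the point about random words concrete, here is an added example (not part of the original article) that picks words with the operating system's secure random source and measures the resulting strength in bits. The function names and the 32-word sample list are assumptions made for illustration; a real generator would load a published list with thousands of words.

```python
import math
import secrets

# Constructed 32-word sample list so the block runs offline; a real
# generator would load a large published list (thousands of words).
SAMPLE_WORDS = """anchor basil cobalt dune ember fjord glacier harbor
iris jasper kelp lantern meadow nickel orchid pebble quartz raven
saddle thistle umber velvet walnut xenon yarrow zephyr acorn birch
cedar drift elm fern""".split()


def generate_passphrase(words, count=4, sep="-"):
    """Pick `count` words uniformly at random using the OS CSPRNG."""
    if len(set(words)) != len(words):
        raise ValueError("word list must not contain duplicates")
    return sep.join(secrets.choice(words) for _ in range(count))


def passphrase_entropy_bits(list_size, count):
    """Entropy of `count` independent uniform picks from `list_size` words."""
    return count * math.log2(list_size)


def words_needed(list_size, target_bits):
    """Smallest word count whose entropy reaches `target_bits`."""
    return math.ceil(target_bits / math.log2(list_size))


if __name__ == "__main__":
    print(generate_passphrase(SAMPLE_WORDS))
    # The tiny sample list gives only 5 bits per word; list size matters.
    print(passphrase_entropy_bits(len(SAMPLE_WORDS), 4))
    # With a 7,776-word list, four words give about 51.7 bits.
    print(round(passphrase_entropy_bits(7776, 4), 1))
    print(words_needed(7776, 64))
```

The strength comes from the random selection, not from how the result looks: the same four words chosen by a person from a favorite lyric carry far less entropy than the calculation suggests.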

2. Use a Password Manager

Reusing your passwords is one of the most dangerous habits in personal security. If one account is compromised, every account with the same password is compromised.
A reputable password manager:
  • generates unique, strong passwords for every individual account;
  • stores credentials in encrypted form so you don’t have to remember them; and
  • reduces your attack surface dramatically before quantum computing ever enters the picture.
Look for managers that use zero-knowledge encryption, meaning even the provider can’t see your passwords.

3. Add a Hardware Security Key for High-Stakes Accounts

A hardware security key is an actual key—a small physical device that plugs into your USB port or taps to your phone via near field communication. It is the most durable form of authentication available to individuals today.
These keys use the FIDO2/WebAuthn standard, which:
  • is resistant to phishing (it verifies the actual website, not just the login form);
  • does not transmit a password that can be harvested or intercepted; and
  • is significantly more resistant to quantum decryption than password-based login.
Major platforms, including Google, Microsoft, GitHub, and many financial institutions, support hardware keys. Hardware keys can be used for your most sensitive accounts: email, banking, and brokerage.
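The phishing resistance described above comes from checks the website's server runs on every login. The following added example (not from the original article or from any vendor's code) shows the origin and site-ID binding checks from the WebAuthn standard; signature verification is a separate step not shown here. The function names, the `bank.example` domains, and the sample data are constructed for illustration.

```python
import base64
import hashlib
import json


def b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()


def check_binding(client_data_json, authenticator_data,
                  expected_challenge, expected_origin, rp_id):
    """Return the names of failed checks; an empty list means the binding holds."""
    failures = []
    client = json.loads(client_data_json)
    if client.get("type") != "webauthn.get":
        failures.append("type")
    if client.get("challenge") != b64url(expected_challenge):
        failures.append("challenge")
    # The browser, not the page, records the origin it actually loaded.
    if client.get("origin") != expected_origin:
        failures.append("origin")
    # First 32 bytes: SHA-256 of the site ID (RP ID) the key signed for.
    if authenticator_data[:32] != hashlib.sha256(rp_id.encode()).digest():
        failures.append("rpIdHash")
    # Byte 32 holds the flags; bit 0 means the user touched the key.
    if len(authenticator_data) < 37 or not authenticator_data[32] & 0x01:
        failures.append("userPresent")
    return failures


def make_sample(origin, rp_id, challenge):
    """Constructed sample of what a browser and key report for one login."""
    client = json.dumps({"type": "webauthn.get",
                         "challenge": b64url(challenge),
                         "origin": origin}).encode()
    auth = (hashlib.sha256(rp_id.encode()).digest()
            + b"\x01" + (7).to_bytes(4, "big"))  # flags + sign counter
    return client, auth


CHALLENGE = b"constructed-challenge-0001"
genuine = make_sample("https://bank.example", "bank.example", CHALLENGE)
lookalike = make_sample("https://bank-login.example", "bank-login.example",
                        CHALLENGE)

if __name__ == "__main__":
    site = (CHALLENGE, "https://bank.example", "bank.example")
    print(check_binding(*genuine, *site))
    print(check_binding(*lookalike, *site))
```

A response produced on the look-alike domain fails both the origin and the site-ID check, even though the challenge is correct and the user touched the key.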

What’s Coming From Institutions—and What Isn’t Yet

Banks, healthcare providers, and tech companies will eventually migrate to post-quantum cryptographic standards. NIST’s 2024 finalized algorithms, including ML-KEM for key establishment and ML-DSA for digital signatures, give institutions a roadmap.
But institutional migration takes years. You can’t control when your bank upgrades. You can control the strength of your own authentication layer right now.

Frequently Asked Questions About Quantum Computing and Password Security

When Will Quantum Computers Actually Be Able to Crack My Passwords?

No one knows the precise date, and estimates range widely, from 10–20 or more years for a “cryptographically relevant” quantum computer. However, the harvest now, decrypt later threat means that sensitive data transmitted today is already at risk from future decryption. Acting now protects the vulnerable information that exists today.

Does Using a Password Manager Put All My Eggs in One Basket?

It can feel that way, but reputable managers use zero-knowledge encryption, meaning your passwords are encrypted before they leave your device. If the company is breached, attackers get encrypted data they can’t read. The risk of reusing weak passwords across accounts is far greater than the risk of a well-secured password manager.

Are Hardware Security Keys Worth the Cost?

A basic YubiKey costs around $25–$50. Compared to the cost of a compromised bank account, identity theft resolution, or tax fraud recovery, which can run into thousands of dollars and hundreds of hours, the investment is minimal. They’re particularly valuable for email, banking, and any account connected to financial information.

Will My Current Two-Factor Authentication (2FA) Hold Up Against Quantum Threats?

SMS-based 2FA is already weak by current standards and will not hold up in a post-quantum environment. Authenticator app-based 2FA (such as Google Authenticator or Authy) is better. Hardware security keys using FIDO2 are the most durable option. If you’re using SMS 2FA today, switching to an authenticator app can be a meaningful upgrade you can make immediately.

From The Epoch Times