# The Quantum Threat: Why Your Credentials Are at Risk and How to Migrate
The advent of quantum computing poses an unprecedented threat to current public-key cryptography, making today's encrypted data vulnerable to future decryption. With the 'Harvest Now, Decrypt Later' tactic, attackers are already collecting sensitive information, particularly credentials, in anticipation of powerful quantum computers. Organizations must initiate a credentials-first approach to quantum migration to safeguard long-lived secrets before Q-day arrives.

Today's reliance on public-key cryptography, such as **elliptic curve cryptography** (ECC) and **RSA**, is on borrowed time. While no current machine can break these algorithms, the rapid advancement of quantum hardware means that encrypted data, including critical credentials, could soon be vulnerable. Attackers are already employing a strategy known as 'Harvest Now, Decrypt Later,' capturing ciphertext today with the intent to decrypt it once quantum computing capabilities mature.
## How Urgent is Quantum-Resistant Cryptography?
The **Global Risk Institute's 2025 Quantum Threat Timeline report** indicates that a cryptographically relevant quantum computer is likely to emerge within 15 years, with 51-70% of surveyed security specialists agreeing. This threat dates back to **Peter Shor's** 1994 proof that a powerful quantum computer could efficiently factor large numbers and compute discrete logarithms. It's crucial to note that **Shor's algorithm** primarily impacts public-key cryptography, leaving symmetric encryption like **AES-256** and modern hashing largely unaffected. The real concern lies in the initial trust establishment and key exchange mechanisms that public-key cryptography secures.
The 'Harvest Now, Decrypt Later' tactic transforms a future threat into a present-day concern. Any data intercepted and stored today, if protected by vulnerable public-key cryptography, should be considered compromised once quantum capabilities arrive.
### Q-day Deadlines
Even without a definitive Q-day, government agencies are setting ambitious deadlines. The **NSA's Commercial National Security Algorithm Suite 2.0** mandates that new national security systems support quantum-resistant algorithms starting January 1, 2027. While deadlines vary, the NSA aims for all national security systems to be quantum-resistant by 2035. Similarly, **NIST's** draft **IR 8547** will deprecate **RSA-2048** and **ECC P-256** after 2030, disallowing them entirely post-2035. These timelines may seem distant, but a comprehensive enterprise transition can take 5 to 15 years, with the discovery phase alone potentially spanning 1 to 2 years for large organizations.
## Why Credentials Carry Major Risk in a Post-Quantum Future
Not all encrypted data faces the same level of risk. While session tokens have a short confidentiality lifetime, credentials can persist for years, or even decades, as long as their associated systems remain active. This makes them prime targets for 'Harvest Now, Decrypt Later' attacks. The scale of this risk is amplified by the growing number of Non-Human Identities (NHIs), such as service accounts and API keys. These machine credentials often have extended lifespans due to infrequent rotation and are frequently overlooked in cryptographic inventories, making them ideal targets for harvesting.
## How to Start a Credentials-First Quantum Migration
Given the heightened risk associated with credentials, a migration strategy should prioritize them.
### Inventory Existing Cryptography
The initial and often most challenging step is to inventory cryptographic dependencies. A credentials-first approach begins by identifying systems that store or broker secrets, including password managers, secrets managers, and **Privileged Access Management (PAM)** platforms. This process frequently uncovers forgotten service accounts, hardcoded secrets, and dormant integrations.
### Prioritize Risk Over Size
Instead of focusing on the largest systems, prioritize based on confidentiality lifetime and exposure. A small, long-lived secret that grants access to critical systems poses a greater risk than a vast but short-lived dataset. This risk-based prioritization ensures that the credentials most vulnerable to 'Harvest Now, Decrypt Later' are secured first.
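The inventory and prioritization steps above can be expressed as a small scoring pass. This is an added example, not code from the article or from any vendor: the inventory entries, field names, the 1 to 5 blast-radius scale and the 8-year migration estimate are constructed assumptions, and the exposure test is Mosca's inequality (confidentiality lifetime plus migration time exceeds time to a cryptographically relevant quantum computer).

```python
from dataclasses import dataclass

# Public-key algorithms the article names as breakable by Shor's algorithm.
# AES-256 is deliberately absent: symmetric encryption is largely unaffected.
QUANTUM_VULNERABLE = {"RSA-2048", "ECC-P256"}

@dataclass
class Secret:
    name: str
    protected_by: str      # algorithm that wraps or transports the secret
    lifetime_years: float  # confidentiality lifetime: how long the secret stays valid
    blast_radius: int      # assumed scale: 1 = one low-value system, 5 = critical, broad access
    size_mb: float         # recorded but never scored: size is not risk

def hndl_score(s, years_to_crqc, migration_years):
    """Years the secret is still valid after a harvested copy becomes
    decryptable, weighted by blast radius. 0 means not exposed."""
    if s.protected_by not in QUANTUM_VULNERABLE:
        return 0.0
    # A capture can happen until migration ends and stays useful for the
    # secret's lifetime, so it is exposed when lifetime + migration > time to CRQC.
    overrun = s.lifetime_years + migration_years - years_to_crqc
    return max(0.0, overrun) * s.blast_radius

def prioritize(inventory, years_to_crqc=15, migration_years=8):
    """Return (name, score) for exposed secrets, highest risk first."""
    scored = [(s.name, hndl_score(s, years_to_crqc, migration_years)) for s in inventory]
    return sorted([p for p in scored if p[1] > 0], key=lambda p: p[1], reverse=True)

# Constructed inventory for illustration only.
INVENTORY = [
    Secret("analytics-export", "ECC-P256", 0.5, 2, 50000.0),   # vast but short-lived
    Secret("ci-deploy-api-key", "RSA-2048", 10, 5, 0.001),     # tiny, long-lived, critical
    Secret("web-session-token", "ECC-P256", 0.01, 1, 0.001),
    Secret("backup-archive-key", "AES-256", 20, 5, 0.001),     # long-lived but symmetric
    Secret("svc-db-password", "ECC-P256", 9, 4, 0.001),        # rarely rotated service account
]

if __name__ == "__main__":
    for name, score in prioritize(INVENTORY):
        print(f"{score:6.1f}  {name}")
```

The 50 GB export never appears in the output, while the two kilobyte-sized machine credentials lead the list.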
### Migrate to Hybrid Cryptography
Rather than immediately replacing classical algorithms, organizations should adopt hybrid cryptography. This involves combining a classical algorithm with a quantum-resistant one within the same key exchange. This dual-layer approach protects against both current threats and future quantum threats, while also mitigating the risk of relying solely on nascent quantum-resistant algorithms.
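One common way to combine the two layers is to feed both shared secrets into a single key derivation, so the session key stays secret as long as either input does. The sketch below is an added example, not the article's or any vendor's implementation: it uses HKDF-SHA256 (RFC 5869) from the standard library, and the two shared secrets, the transcript and the suite identifiers are constructed stand-ins for the outputs of a real ECDH exchange and a Kyber (ML-KEM) encapsulation.

```python
import hashlib
import hmac

def hkdf_extract(salt: bytes, ikm: bytes) -> bytes:
    return hmac.new(salt, ikm, hashlib.sha256).digest()

def hkdf_expand(prk: bytes, info: bytes, length: int) -> bytes:
    okm, block, counter = b"", b"", 1
    while len(okm) < length:
        block = hmac.new(prk, block + info + bytes([counter]), hashlib.sha256).digest()
        okm += block
        counter += 1
    return okm[:length]

def derive_session_key(classical_ss: bytes, pq_ss: bytes,
                       transcript: bytes, suite_id: str) -> bytes:
    """Concatenate-then-KDF combiner: the key depends on BOTH secrets."""
    # Length-prefix each secret so the boundary between them is unambiguous.
    ikm = (len(classical_ss).to_bytes(2, "big") + classical_ss +
           len(pq_ss).to_bytes(2, "big") + pq_ss)
    # Bind the key to the handshake messages that produced the secrets.
    prk = hkdf_extract(hashlib.sha256(transcript).digest(), ikm)
    # Bind the key to the negotiated algorithm pair (hypothetical suite label).
    return hkdf_expand(prk, b"hybrid-kex|" + suite_id.encode(), 32)

# Constructed stand-ins; a real exchange would produce these values.
CLASSICAL_SS = hashlib.sha256(b"constructed stand-in for an ECDH shared secret").digest()
PQ_SS = hashlib.sha256(b"constructed stand-in for an ML-KEM shared secret").digest()
TRANSCRIPT = b"constructed handshake transcript: public keys and ciphertext"

if __name__ == "__main__":
    key = derive_session_key(CLASSICAL_SS, PQ_SS, TRANSCRIPT, "ecdh+mlkem-v1")
    # An attacker who later recovers only the classical secret derives a different key.
    guess = derive_session_key(CLASSICAL_SS, bytes(32), TRANSCRIPT, "ecdh+mlkem-v1")
    print(key.hex())
    print("classical secret alone recovers key:", guess == key)
```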
### Build for Crypto-Agility
Anticipate that the current migration won't be the last. Design systems with crypto-agility in mind, allowing cryptographic algorithm swaps to be configuration changes rather than extensive re-engineering projects. For credentials, this means centralizing cryptography to facilitate single updates across multiple applications, pipelines, and integrations.
## Start Protecting Where the Risk is Highest
While the temptation to delay quantum migration is understandable, the lengthy nature of the process and the long-term confidentiality requirements of today's data necessitate immediate action. The threat of harvested and decrypted credentials is real, even without fully realized quantum computers. Prioritizing the transition to quantum-resistant cryptography, starting with credentials, addresses the intersection of confidentiality lifetime and blast radius. As an example, **Keeper Security** began rolling out **Kyber Hybrid Key Encapsulation Mechanisms (KEM)** across its client applications in November 2025 to protect vaults from 'Harvest Now, Decrypt Later' and other quantum computing threats. Proactive protection of credentials against a quantum future is paramount, before advanced hardware forces a reactive scramble.
*Note: This article was thoughtfully written and contributed for our audience by Ashley D'Andrea, Content Writer at Keeper Security.*