The ‘Harvest Now, Decrypt Later’ Impact on Authentication: Are Passwords Safe from Quantum Threats?

Interestingly, some of the less secure — or even outright legacy — authentication methods appear to be less affected by quantum threats than their modern, cryptography-based counterparts.

For example, because symmetric cryptography and hashing are largely unaffected by quantum computing, it is easy to assume that passwords are not affected at all. However, this is not the case.

Indirect Threat to Passwords

At their core, passwords are not impacted by quantum computers. Today, password security is largely built on the foundation of strong hashing algorithms. Even if an attacker were to breach a database, well-salted and computationally intensive hash functions like bcrypt or Argon2 provide robust protection.

In the post-quantum era, both password storage and password comparison during authentication remain relatively secure, as these functions are designed to resist brute-force attacks regardless of whether the attacker uses classical or quantum resources.

However, the risk does not lie in how passwords rest. It lies in how they move.

The unexpected threat emerges from the widespread use of TLS (Transport Layer Security), which encrypts communications between users and servers, safeguarding passwords, API keys, OAuth tokens, and other sensitive information in transit. Unfortunately, TLS protocols that rely on classical public-key cryptography, such as RSA or Elliptic Curve Cryptography (ECC), are vulnerable to an attack model known as "Harvest Now, Decrypt Later."

In this model, adversaries can silently record encrypted traffic today with the intention of decrypting it in the future, once quantum computers become capable of breaking the underlying algorithms. If a password is intercepted during login, even a perfectly stored credential may already be compromised — simply waiting to be decrypted.

All Long-Lived Static Credentials Are Affected

The issue is not limited to user passwords.

Secrets commonly transmitted over TLS channels — API keys used in backend integrations, long-lived OAuth refresh tokens used in mobile applications, initialization secrets for HOTP/TOTP (Hash/Time-Based One-Time Passwords, such as Google Authenticator), and recovery codes displayed during multi-factor enrollment — are all subject to the same long-term exposure risk.

These assets are precisely what adversaries would prioritize when performing mass interception of encrypted traffic. A single successful decryption years later could grant immediate, persistent, and deeply privileged access to systems, bypassing audit trails, revocation mechanisms, and monitoring controls.

This leads to an uncomfortable but necessary implication: migrating to quantum-safe transport protocols alone is not enough. Organizations that upgrade to quantum-resistant TLS in the coming years must also revisit security measures for credentials transmitted over vulnerable channels. Otherwise, they risk operating secure channels while relying on secrets that may already be exposed.

In high-risk environments, it is reasonable to assume that long-lived credentials could already be compromised.

Yet Another Credential Harvesting Vector

Looking at the problem from a general perspective, harvesting passwords or similar credentials via a quantum attack is simply another form of credential harvesting. As a result, quantum attacks provide an additional incentive for organizations to implement several common, recommended, and under-adopted countermeasures designed to prevent account takeover (ATO).

Multi-Factor Authentication

While multi-factor authentication (MFA) does not eliminate all attack vectors, such as phishing, social engineering, or MFA fatigue, it can significantly reduce the risk of account takeover via quantum attacks. Harvested passwords alone are typically insufficient to authenticate.

Risk-Based Authentication

By incorporating IP and location intelligence, device profiling, security posture assessment, and passive behavioral biometrics, organizations can add an additional layer of security to password-based authentication. This evaluates user context and behavior to detect potential account takeover and triggers step-up authentication or identity verification when risk is elevated.

Breach Intelligence and Credential Monitoring

Implementing mechanisms to detect known password compromises — such as breach intelligence feeds and credential blocklists commonly provided by modern password managers — allows organizations to identify when credentials appear on underground markets or leak repositories. This enables proactive password resets before abuse occurs.

Phasing Out Passwords

Ultimately, phasing out passwords altogether in favor of phishing-resistant passwordless authentication, such as passkeys and FIDO2, eliminates organizational exposure to password-related risks entirely and represents the most future-proof solution.

Pre-Emptive Password Rotation

Encrypted TLS sessions that include passwords or other static credentials could be silently captured today and decrypted years later, once post-quantum adversaries possess the computational capability to break classical public-key encryption. Such compromises are entirely undetectable in the present.

The password has not been phished, leaked, or brute-forced — it has been passively intercepted in a way that no intrusion detection system or password breach database can reveal. When decrypted later, these credentials can be exploited immediately, potentially leaving organizations that did not invest in the above-mentioned measures exposed.

In this context, a one-time password rotation after deploying quantum-safe TLS may serve as a pre-emptive mitigation — reducing the window in which potentially exposed credentials remain usable.

At the same time, as crypto-agility becomes essential, regularly rotating non-human credentials (such as API keys or refresh tokens) should be considered part of adapting to a world where today’s encryption cannot be assumed secure tomorrow.

Going Quantum-Safe Demands a Deep Clean

The transition to quantum-safe infrastructure must be understood not only as a cryptographic upgrade but also as a hygiene reset.

It demands a critical inventory of used cryptographic primitives mapped to individual systems, as well as an inventory of which secrets have moved through which channels — and when. From there, organizations need a structured plan to regenerate or invalidate them, if needed.

While investing in account takeover prevention measures is strongly recommended, in some cases, it may not be sufficient. Additional actions may include re-enrolling users, rotating passwords, re-issuing tokens, or redesigning systems to minimize the longevity and privilege of transmitted credentials.

The operational burden is nontrivial, but it is dwarfed by the potential consequences of quantum-enabled retrospective breaches.

Frequently asked questions

Are passwords safe from quantum computing?

Passwords are safe from quantum computing when stored using modern hashing algorithms like bcrypt or Argon2. Quantum computers do not meaningfully weaken password hashing. The primary quantum risk affects password transmission over encrypted connections, not password storage.

Can quantum computers crack passwords?

No. Quantum computers cannot directly crack passwords or modern password hashes. However, they may enable future decryption of encrypted network traffic, which could expose passwords that were captured during login over vulnerable TLS connections.

What is the “Harvest Now, Decrypt Later” attack?

“Harvest Now, Decrypt Later” is a cyberattack where encrypted data is collected today and decrypted later using quantum computers. This threatens passwords, API keys, and tokens transmitted over encryption that relies on RSA or elliptic curve cryptography.

Is TLS encryption vulnerable to quantum attacks?

TLS encryption that uses RSA or elliptic curve cryptography is vulnerable to future quantum attacks. While symmetric encryption (i.e., using AES) remains secure, the classical public-key algorithms used for key exchange are not quantum-safe.

Does quantum-safe encryption protect existing passwords?

No. Quantum-safe encryption only protects future communications. Passwords or credentials transmitted in the past may still be compromised if encrypted traffic was previously intercepted, making credential rotation an important mitigation step.

Does multi-factor authentication protect against quantum attacks?

Multi-factor authentication (MFA) significantly reduces the risk of account takeover from quantum-related credential compromise. Even if a password is later decrypted through a quantum attack, MFA can prevent access by requiring an additional authentication factor.