ALL BLOG POSTS
Post-Quantum Security

Modernizing Legacy Authentication: A Practical Roadmap to Quantum-Safe Security

POST-QUANTUM
USER AUTHENTICATION
COMPLIANCE
POST-QUANTUM
March 27, 2026
Keynote presentation at Finovate London on modernizing legacy authentication for post-quantum security, featuring a practical migration roadmap.

At Finovate London, Wultra's Regional Lead for Digital Identity Amal Nazar walked through what it actually takes to modernize legacy authentication for a post-quantum world, and why the window to do it properly is getting shorter every year.

Most banks know post-quantum cryptography is coming. Fewer are actually ready for it.

The deadline is closer than it feels

Regulators expect banks to complete the migration to post-quantum cryptography by 2030, with full cutover by 2035. Gartner placed Post-Quantum Authentication on the Hype Cycle for Digital Identity in 2025 as a new innovation trigger, and the warning is clear: by 2029, advances in quantum computing will begin to weaken the conventional cryptography used in today's authentication.

The threat isn't just future-facing either. ‘Harvest now, decrypt later’ attacks are already happening, meaning data being captured today could be decrypted once quantum capabilities mature.

Waiting is not cost avoidance, it's risk accumulation

The banks that delay don't avoid the work, they just make it harder. Less time to plan and test properly, more pressure on internal teams, limited vendor availability, and a higher likelihood of migration errors and user disruption.

A structured path forward

The good news is that this is a solvable problem when approached methodically. Wultra’s keynote outlined five practical steps for getting started:

  1. Map out the impact — inventory all authentication methods in use across customers, employees, partners, and systems, and decide what to keep, upgrade, replace, or retire.
  2. Build stakeholder buy-in — security, IT, compliance, digital product, and identity owners all have different priorities. Getting them aligned early is critical.
  3. Choose the migration path — whether re-enrolling via existing authentication, identity proofing, or trusted third-party providers, the right approach depends on user type, scale, and cost.
  4. Execute in a controlled way — start with pilots and new users, migrate gradually, communicate early, and avoid rushed rollouts.
  5. Monitor and stay agile — cryptographic standards will continue to evolve. Design systems with crypto-agility so this isn't the last migration you have to do from scratch.

The key takeaway

The practical deadline is 2030, with full cutover by 2035, and the banks that start now will have time to do this properly. The ones that wait are not saving money, they are accumulating risk.

Watch the full session below to get the complete roadmap, including a checklist of ignition steps you can take into your own planning.

Watch the full keynote on YouTube

Frequently asked questions

No items found.

Related articles

CONTACT US

Get in touch

Consider partnering with Wultra to meet compliance standards, deliver a secure and seamless user experience, and deliver additional value to your customers while improving your bottom line.

Thank you! Your submission has been received!
Oops! Something went wrong while submitting the form.
Terms of UsePrivacy PolicyCookie Policy