[jpc0]

1. Neither are passwords… Unless you use a quantum safe hashing algorithm which I believe I’ve only seen Apple adopt, maybe others but most of the internet isn’t using it.

2. By definition this isn’t true

3. Again not true, don’t confound whatever terrible implementation you have used with what is allowed or capable

[OutOfHere]

1. A regular hash algorithm is already very safe against quantum computing if the hash is sufficiently long, which it easily is or can be for passwords. A special hashing algorithm isn't needed for quantum safety. At worst the hash length has to be doubled for ultimate quantum safety. The assertion of needing a special hashing algorithm is bogus.

2. It is risked in practice.

3. It too is risked in practice.

[jpc0]

Seeing as we won’t agree on 2 and 3, let’s discuss 1.

Your argument hinges on us getting access to a quantum computer that is stable enough for Shor’s algorithm to run invalidating RSA and ECC, current password hashes being updated using algorithms that are secure, or long enough, and a quantum safe algorithm not existing for PKi.

Do you understand how this sequence of events is extremely unlikely, specifically since we already have quantum safe Public Key Algorithms and there is still ongoing research whereas it isn’t even known whether we will get a stable Quantum computer with enough qubits ever.

[OutOfHere]

You want people to bury their head in the sand, and unwillingly accept the unnecessary risk for little reward.

[jpc0]

I’m not sure if you have been around normal people but the unnecessary risk is having them use a password in the first place. Normal people do not use password managers, despite both mobile operating systems and effectively every single browser bundling one.

So now we have Apple Google and Microsoft getting a standard together that is actually secure in 2025 and your response is that sometime in the future a computer that our best engineers and scientists still haven’t been able to even prove may even be feasible might be able to reverse a public key.

I also have a strong suspicion that the people that goes through the effort of even implementing Passkeys and those that care about security are a mostly overlapping set, so the likelihood of those public keys leaking in the first place is significantly lower the Bob’s hardware leaking my old mans one password he uses for everything.

The security improvement for 99.99% of the population from using passkeys just far outweighs your hypothetical future that will likely never happen.

I predict we will get AGI before a quantum computer that can reverse a public key, and we will have quantum safe public keys before that.