TL;DR: 1Password has enabled hybrid post-quantum key exchange (X25519MLKEM768) on its web application, so browsers that support it protect credential traffic against harvest-now, decrypt-later attacks with no user action and, according to 1Password, no performance penalty. The real shift is that long-term confidentiality now has to be treated as an identity and transport design requirement, not a future migration task.
At a glance
What this is: 1Password has enabled hybrid post-quantum key exchange on its web application to protect credential traffic against future decryption risk.
Why it matters: IAM and security teams should read this as a reminder that transport, secrets, and identity assurance are converging around long-horizon confidentiality, not just today’s authentication.
By the numbers:
- At the time of writing this post, I personally have 291 items in my vault, so the long-term confidentiality of this data is critical to myself and every 1Password user.
👉 Read 1Password’s update on post-quantum protection for web app credentials
Context
Post-quantum cryptography changes the trust model for credential traffic by assuming that today’s encrypted sessions may be collected and decrypted later. For identity teams, that matters because the confidentiality of credentials, session material, and recovery data depends on cryptographic choices made long before any compromise is visible.
The practical question is not whether quantum-breaking attacks are imminent, but whether systems that hold sensitive identity data can preserve confidentiality across a long enough horizon. That makes post-quantum readiness relevant to NHI secrets, human authentication flows, and any identity programme that treats transport security as a solved problem.
1Password’s rollout is a useful signal because it starts with internet-facing web traffic, where identity data is most exposed to interception and replay assumptions. That is a typical starting point for organisations thinking seriously about long-term data protection, but it is not yet a full architecture migration.
Key questions
Q: How should security teams plan for post-quantum protection in identity systems?
A: Security teams should start with identity data that must stay confidential for the longest period, including authentication channels, recovery flows, and privileged sessions. The first step is inventory, followed by client capability checks and staged rollout of hybrid post-quantum support where negotiation is possible. That approach reduces future decryption risk without waiting for a full platform replacement.
Q: Why does harvest-now, decrypt-later matter for IAM and NHI programmes?
A: It matters because identity traffic often contains material that remains valuable long after the session ends, including credentials, tokens, and recovery information. If adversaries can store that traffic today and decrypt it later, current encryption controls are no longer enough on their own. Identity teams need to think about confidentiality over time, not just at the moment of transmission.
Q: How do you know if post-quantum rollout is actually working?
A: You know it is working when compatible clients consistently negotiate the intended hybrid key exchange group and fallback to classical groups is measured and understood, not assumed. Success should be tracked per critical application path, not as a blanket claim for the whole estate. If the hybrid group is only negotiated by a narrow set of browsers or in test environments, coverage is still partial and governance remains incomplete.
Q: What is the difference between crypto agility and simple encryption upgrades?
A: Crypto agility is the ability to change key exchange, algorithms, and negotiation policy without disrupting identity services. A simple encryption upgrade usually replaces one mechanism with another but leaves the operational model unchanged. For identity platforms, agility matters more because client compatibility, protocol negotiation, and rollout sequencing all affect whether protection actually reaches production.
How it works in practice
Hybrid post-quantum key exchange in TLS
Hybrid post-quantum key exchange runs a classical key agreement and a quantum-resistant one inside the same TLS 1.3 handshake and derives the session secret from both, so the connection stays confidential as long as either component holds. In this case the browser and server negotiate X25519MLKEM768, which pairs X25519 with ML-KEM-768 (the key encapsulation mechanism standardised in FIPS 203). Clients that do not offer the hybrid group still connect over a classical group, because TLS negotiates the group from the client's offered list rather than mandating one, and that is what makes the rollout incremental rather than a breaking change. Two scoping points matter. First, this protects the key agreement phase of the handshake, where the session keys are established, not the application logic or data at rest. Second, it does not change the certificate signatures that authenticate the server, which remain classical; that is acceptable against harvest-now, decrypt-later, because a signature forged in the future cannot retroactively decrypt traffic recorded today.
Practical implication: identity and platform teams should inventory where sensitive traffic still relies only on classical key exchange and prioritise internet-facing pathways first.
Harvest now, decrypt later risk for identity data
Harvest now, decrypt later describes a delayed-attack model in which adversaries store encrypted traffic today and wait for better cryptographic capabilities tomorrow. That matters for identity systems because credentials, recovery workflows, and administrative sessions can retain value long after the live transaction ends. The risk is not limited to secret vaults. Any identity-sensitive channel that carries durable confidentiality requirements becomes part of the threat surface once interception is plausible at scale.
Practical implication: security teams should classify identity traffic by retention value, not just by current exposure, and treat long-lived confidentiality as a design requirement.
Browser support and negotiated crypto policy
Post-quantum support here is conditional on the client. The browser must offer the hybrid group in its TLS supported_groups list (and send a key share for it) before the server can select it; otherwise the handshake completes over whatever classical group both sides share, typically X25519, with no visible change to the user. That makes rollout governance as important as server-side configuration, because assurance depends on both ends of the connection. This is why cryptographic change management increasingly looks like identity change management: control is distributed across clients, servers, and policy boundaries.
Practical implication: teams should verify browser capability, track negotiation success, and avoid assuming a server-side deployment guarantees PQC coverage everywhere.
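The negotiation described above, and the measurement asked for in the question "How do you know if post-quantum rollout is actually working?", both reduce to one mechanical step: look at which groups each client offers in its ClientHello, apply the server's preference order, and count how often the hybrid group wins versus how often the session falls back to a classical group. The following Python is an added example written for this page, not 1Password's code or any browser's; it builds a few ClientHello messages with constructed supported_groups lists (including one client that still offers only the pre-standard draft code point for X25519Kyber768) and shows how a server-side preference list decides the outcome. The group IDs are the IANA TLS Supported Groups values; the server preference order and the sample clients are assumptions for illustration.

```python
"""Parse the supported_groups extension from a TLS ClientHello and account for
hybrid post-quantum negotiation versus classical fallback.

Added example for this page. Sample ClientHellos are constructed below, not captured.
"""
import struct
from collections import Counter

# IANA TLS Supported Groups registry values.
SECP256R1 = 0x0017
X25519 = 0x001D
SECP256R1MLKEM768 = 0x11EB
X25519MLKEM768 = 0x11EC               # the hybrid group 1Password's web app negotiates
X25519KYBER768_DRAFT00 = 0x6399       # pre-standard draft code point some older clients sent
GROUP_NAMES = {
    SECP256R1: "secp256r1", X25519: "x25519",
    SECP256R1MLKEM768: "SecP256r1MLKEM768", X25519MLKEM768: "X25519MLKEM768",
    X25519KYBER768_DRAFT00: "X25519Kyber768Draft00",
}
HYBRID_PQ_GROUPS = {X25519MLKEM768, SECP256R1MLKEM768}

EXT_SUPPORTED_VERSIONS = 0x002B
EXT_SUPPORTED_GROUPS = 0x000A

# Assumed server policy: prefer the hybrid group, then classical groups.
SERVER_PREFERENCE = [X25519MLKEM768, X25519, SECP256R1]


def build_client_hello(groups, random_bytes=b"\x00" * 32):
    """Construct a minimal TLS record carrying a ClientHello with the given groups.
    Only the fields the parser walks are realistic; cipher list is TLS_AES_128_GCM_SHA256."""
    sg_data = struct.pack("!H", 2 * len(groups)) + b"".join(struct.pack("!H", g) for g in groups)
    exts = (struct.pack("!HH", EXT_SUPPORTED_VERSIONS, 3) + b"\x02\x03\x04"
            + struct.pack("!HH", EXT_SUPPORTED_GROUPS, len(sg_data)) + sg_data)
    body = (b"\x03\x03" + random_bytes          # legacy_version, random
            + b"\x00"                            # empty legacy_session_id
            + struct.pack("!H", 2) + b"\x13\x01" # cipher_suites
            + b"\x01\x00"                        # legacy_compression_methods = [null]
            + struct.pack("!H", len(exts)) + exts)
    handshake = b"\x01" + len(body).to_bytes(3, "big") + body   # HandshakeType client_hello
    return b"\x16\x03\x01" + struct.pack("!H", len(handshake)) + handshake


def parse_client_hello_groups(record):
    """Return the list of group IDs in the ClientHello's supported_groups extension."""
    if record[0] != 0x16:
        raise ValueError("not a TLS handshake record")
    (rec_len,) = struct.unpack("!H", record[3:5])
    hs = record[5:5 + rec_len]
    if hs[0] != 0x01:
        raise ValueError("not a ClientHello")
    body = hs[4:4 + int.from_bytes(hs[1:4], "big")]
    pos = 2 + 32                                  # skip legacy_version and random
    pos += 1 + body[pos]                          # legacy_session_id
    (cs_len,) = struct.unpack("!H", body[pos:pos + 2]); pos += 2 + cs_len
    pos += 1 + body[pos]                          # legacy_compression_methods
    (ext_len,) = struct.unpack("!H", body[pos:pos + 2]); pos += 2
    end = pos + ext_len
    while pos + 4 <= end:
        ext_type, ext_data_len = struct.unpack("!HH", body[pos:pos + 4]); pos += 4
        data = body[pos:pos + ext_data_len]; pos += ext_data_len
        if ext_type == EXT_SUPPORTED_GROUPS:
            (list_len,) = struct.unpack("!H", data[:2])
            return [struct.unpack("!H", data[2 + i:4 + i])[0] for i in range(0, list_len, 2)]
    return []


def negotiate_group(client_groups, server_preference=SERVER_PREFERENCE):
    """Server-preference selection: first group the server prefers that the client also offered.
    (A real TLS 1.3 server also needs a matching key_share, or sends HelloRetryRequest.)"""
    for g in server_preference:
        if g in client_groups:
            return g
    return None


def classify(group):
    if group is None:
        return "no_common_group"
    return "hybrid_pq" if group in HYBRID_PQ_GROUPS else "classical_fallback"


def fallback_report(records):
    """Count negotiation outcomes across captured ClientHellos; this is the metric
    the rollout question asks for, per application path."""
    return dict(Counter(classify(negotiate_group(parse_client_hello_groups(r))) for r in records))


# Constructed sample population: a current browser, a legacy client, and a draft-era client.
SAMPLE_CLIENT_HELLOS = [
    build_client_hello([X25519MLKEM768, X25519, SECP256R1]),
    build_client_hello([X25519, SECP256R1]),
    build_client_hello([X25519KYBER768_DRAFT00, X25519, SECP256R1]),
]

if __name__ == "__main__":
    for r in SAMPLE_CLIENT_HELLOS:
        g = negotiate_group(parse_client_hello_groups(r))
        print(GROUP_NAMES.get(g, g), classify(g))
    print(fallback_report(SAMPLE_CLIENT_HELLOS))
```

The draft-era client is the edge case worth noticing: it offers a post-quantum group, yet against a server that only enables the final X25519MLKEM768 code point it silently lands on X25519, so "the client supports PQ" and "the session used PQ" are different questions. In production the same accounting is done from the server's TLS handshake logs or from the negotiated group reported by the browser's connection details, rather than from hand-built records.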
NHI Mgmt Group analysis
Long-term confidentiality is now an identity governance concern, not just a cryptography concern. Credentials, session metadata, and recovery pathways are part of the identity control plane, so their protection horizon has to match the lifetime of the information they carry. When the transport layer cannot guarantee future confidentiality, the identity programme inherits the risk. Practitioners should treat cryptographic duration as a governance issue, not a pure engineering detail.
Harvest now, decrypt later is a direct challenge to static trust assumptions in identity systems. The assumption that encrypted traffic only needs to withstand present-day adversaries was designed for a shorter threat horizon. That assumption fails when attackers can archive identity-bearing traffic for years and revisit it with stronger decryption capability later. The implication is that long-lived identity data must be assessed against future exposure, not just current interception.
Hybrid post-quantum deployment shows that transition paths matter as much as end-state crypto. The category will not move through a single flip of a switch because browser compatibility, protocol negotiation, and operational rollout all shape adoption. That is why NIST CSF-style governance thinking still applies: inventory, protect, and validate controls continuously across the path of adoption. Practitioners should plan for partial coverage before they plan for complete migration.
Post-quantum readiness will increasingly separate organisations that understand identity risk from those that only understand authentication risk. Authentication is the visible event, but the deeper issue is whether the data exchanged during identity operations remains confidential under future attack conditions. OWASP NHI guidance becomes relevant here because service credentials and delegated access often travel through the same networks and assumptions as human logins. Practitioners should align transport controls with the sensitivity of both human and non-human identity flows.
Cryptographic agility is becoming a baseline control for identity platforms. Systems that cannot change key exchange, negotiation policy, and client support without disruption will lag the threat curve. The named concept here is identity transport durability: the ability of identity traffic to stay confidential across future cryptographic change. Practitioners should evaluate whether their identity architecture can survive that change without forcing emergency redesign.
From our research:
- 60% of NHIs are being overused, with the same NHI utilised by more than one application, increasing the risk of widespread compromise if exposed, according to The 2025 State of NHIs and Secrets in Cybersecurity.
- 91% of former employee tokens remain active after offboarding, which shows how long identity data can stay exposed when lifecycle governance lags behind operational reality.
- For the next step: Ultimate Guide to NHIs, Static vs Dynamic Secrets explains why ephemeral handling and long-term confidentiality need to be designed together.
What this signals
Post-quantum rollout will increasingly be judged as part of identity resilience, not just cryptographic housekeeping. Organisations that cannot verify negotiation outcomes, browser support, and fallback behaviour will have a false sense of coverage even when the server-side change is in place.
Identity transport durability: systems need to preserve confidentiality across future cryptographic change, not just current network conditions. That will push IAM, PAM, and secrets teams to coordinate around a shared confidentiality horizon rather than separate control owners.
The operational signal for readers is simple: if your identity programme does not know which channels carry data worth protecting for years, the post-quantum conversation has already started without you. Map those paths now and compare them with the assumptions in the Guide to the Secret Sprawl Challenge.
For practitioners
- Inventory identity traffic with long confidentiality requirements: map which authentication, vault, recovery, and administrative channels carry data that must remain confidential for years, then rank them by exposure and retention value.
- Verify negotiated cryptography in client populations: check which browsers, endpoints, and automated clients can negotiate hybrid post-quantum key exchange, and measure where fallback still occurs in production.
- Update change management for cryptographic migration: treat PQC rollout as a distributed control change across clients, servers, and policy boundaries, with validation steps for every identity-critical pathway.
- Align secret-handling policy with future decryption risk: review whether stored tokens, recovery material, and session logs could remain valuable if intercepted today and decrypted later, then prioritise the most durable assets first.
- Map the browser support gap before expanding coverage: document where PQC negotiation succeeds and where it falls back, so future rollout can move beyond the web application without assuming uniform client readiness.
Key takeaways
- Post-quantum key exchange on identity traffic changes the trust model for credentials, recovery flows, and administrative sessions.
- Harvest-now, decrypt-later risk makes long-term confidentiality a governance issue for IAM, NHI, and secrets programmes.
- Practical readiness depends on client support, negotiation visibility, and staged rollout across the identity transport layer.
Standards & Framework Alignment
This section maps relevant standards and security frameworks to the operational risks and controls described in this guidance.
The OWASP Non-Human Identity Top 10 addresses the attack and risk surface, while NIST CSF 2.0 and NIST Zero Trust (SP 800-207) set the governance and control requirements practitioners need to meet.
| Framework | Control / Reference | Relevance |
|---|---|---|
| OWASP Non-Human Identity Top 10 | NHI7:2025 Long-Lived Secrets | Post-quantum rollout affects long-lived secrets and transport protection for NHI traffic. |
| NIST CSF 2.0 | PR.DS-02 (data in transit) | Cryptographic protection of data in transit is central to this rollout; PR.DS-01 covers data at rest. |
| NIST Zero Trust (SP 800-207) | SC-13 Cryptographic Protection (an SP 800-53 control) | Zero trust transport depends on robust cryptography for session protection. |
Review NHI secret-handling paths where future decryption risk exists and prioritise durable channels first.
Key terms
- Post-Quantum Cryptography: Post-quantum cryptography is a set of algorithms designed to resist attacks from both classical and future quantum computers. In identity systems, it matters most where credentials, session material, and recovery data must remain confidential long after transmission. The goal is not theoretical elegance, but durable protection over time.
- Hybrid Key Exchange: Hybrid key exchange combines a traditional cryptographic algorithm with a quantum-resistant one during session setup. This lets existing clients keep working while adding protection against future decryption attacks. For identity platforms, hybrid designs are often the safest transition path because they preserve compatibility while changing the trust model.
- Harvest Now, Decrypt Later: Harvest now, decrypt later is an attack strategy in which adversaries capture encrypted traffic today and wait until stronger cryptanalysis becomes available. Identity systems are exposed when the captured data includes credentials, tokens, or recovery information with long-lived value. The risk turns present-day confidentiality into a future compromise problem.
- Crypto Agility: Crypto agility is the ability to change cryptographic algorithms and negotiation policy without re-architecting the whole service. In identity environments, that means browsers, servers, and policy controls can evolve together instead of forcing a disruptive migration. It is a governance capability as much as an engineering one.
Deepen your knowledge
Post-quantum cryptography for identity traffic is a relevant topic in our NHI Foundation Level course, the industry's only accredited NHI security programme. If you are building a governance programme that has to protect credentials over a long horizon, it is worth exploring.
This post draws on content published by 1Password: post-quantum cryptography on the web application. Read the original.
Published by the NHIMG editorial team on 2026-03-31.
NHI Mgmt Group — the independent authority on Non-Human Identity, IAM, and Agentic AI security. nhimg.org