What this is. Why it matters.
A plain-language briefing for everyone who needs to understand what is happening and what is being done.
This briefing is for the people who use the systems — not the people who build them. No qubits. No jargon. The threat in everyday language, the response that is already underway, and what it means for you in the next few years. It will take about five minutes to read.
The padlock is being replaced.
Think of today's computer security like a very strong padlock that protects everything you care about: your bank account, your medical records, your private messages. The math that makes that padlock work has protected the world's information for decades, and it is still strong against the computers we have today.
The issue is that a new kind of computer — a quantum computer — works in a fundamentally different way. If it becomes powerful enough, it could open that padlock in a fraction of the time that today's computers would need. Scientists and security experts around the world have known about this possibility for years. The good news is that they have already been building a new generation of locks designed to stay secure even against quantum computers.
Two things to hold in mind. First, this is not a sudden crisis. Researchers and standards bodies have been preparing for this transition for nearly a decade, and the replacement locks have been designed, tested, and finalized. Second, the timeline is measured in years, not weeks. The point of starting the work now is precisely so it does not become an emergency later.
The new locks are already designed.
The U.S. government's standards agency — the National Institute of Standards and Technology, or NIST — officially finalized three new security standards in August 2024. Think of these as the blueprints for the new, stronger padlocks. Their names are not easy to remember (ML-KEM, ML-DSA, SLH-DSA), but you do not need to remember them. What matters is that the math is finished and the blueprints are public.
The companies that make the security software embedded in your phone, your laptop, your bank's website, and your employer's systems are now in the process of updating their products to use these new designs. This is a gradual, planned upgrade. It is similar to the way homes are gradually rewired for modern electrical standards over many years — not a single day where everything changes, but a sequence of vendor updates that arrives through your normal software-update process.
The transition is a disciplined engineering program, not a crisis. The people responsible for the security of the systems you use are aware of it. A plan is in place. The new protections are already being built into the products you will use in the coming years.
Keep doing what you should already be doing.
There is nothing you need to do differently today. You should continue to use strong, up-to-date software and follow your organization's guidance on device updates and password hygiene, because those practices remain as important as ever. None of them become less effective because of the quantum transition — they become more important, because they are what keeps your systems eligible to receive the upgraded locks when vendors ship them.
The critical message is one of reassurance: the engineers responsible for the systems you use are aware of this future challenge, a plan is in place, and the new protections are already being built into the products you will use in the coming years. If you encounter content online that frames this as urgent or apocalyptic, that framing is wrong. The standards are stable, the migration is underway, and steady, disciplined work is what carries the world through the transition.
If you want to read more
- For the editorial frame. "PQC is not a quantum problem" on deretti.net — a short essay explaining why the response is operational discipline, not new physics.
- For the executive version. The Executives briefing in this section covers the business-impact framing and the compliance landscape.
- For the technical version. The Security Architects briefing covers the standards, hybrid construction, and structural pitfalls.
If you are routing this material to a leadership team, pair it with the Executives briefing — same threat, different vocabulary. If you support a privacy or compliance function, the Privacy & Legal briefing covers the breach-notification angle that this briefing intentionally skips. If you support an engineering team, send them directly to the Security Architects briefing or the Standards & Timelines reference.