You don't want long-lived keys
Long-lived keys are liabilities whose cost, broadly, compounds over time:
As people leave the company, the number of people outside your organization who may know the key grows.
If you assume that someone is constantly trying to guess a key or password, the probability that they have guessed correctly grows with every attempt, and a key that never changes gives them unlimited attempts.
Cryptographic keys have usage limits beyond which their security guarantees start to degrade (for example, AES-GCM with random 96-bit nonces should encrypt no more than about 2^32 messages under one key before the nonce-collision risk becomes unacceptable), and a key that is never rotated will eventually run past them.
You can manage this risk in two ways. The first is to reduce the scope of what a given key can do. This is ideal but not always possible: a key may need to be inherently powerful to do its job. The more general risk reduction is rotating keys. Key rotation is also an incredible pain. I suspect many readers have had an experience like:
A rotation that needed to be expedited because the key was leaked.
A key that was generated years ago by an ex-employee with inaccurate (or no) documentation on how the key was generated.
An outage during rotation because the rollout was rushed or because the documentation was too stale to follow.
An outage that had significant blast radius because a botched key rotation doesn't gracefully degrade.
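The outages in that list mostly come from rotation being a cutover rather than an overlap: the moment the new key is in use, anything still holding the old one breaks. The following is an added example, not code from the original post, showing the usual fix for HMAC-style tokens: sign with the newest key only, but keep verifying against every previous key for a grace window, so a rollout that reaches some hosts before others degrades gracefully. The token format (`v<version>:<hex mac>`), the grace window, and the injectable clock are assumptions made for the example.

```python
import hashlib
import hmac
import secrets
import time
from typing import Callable, Dict, Optional, Tuple


class KeyRing:
    """Versioned HMAC-SHA256 keys with overlap-based rotation.

    Tokens are always signed with the current key. Verification accepts
    any key that is still within its grace window after retirement, so an
    in-progress rollout never rejects tokens minted by not-yet-updated hosts.
    """

    def __init__(self, grace_seconds: int, clock: Callable[[], float] = time.time):
        self.grace_seconds = grace_seconds
        self.clock = clock  # injectable for tests
        # version -> (key bytes, retirement timestamp or None while current)
        self.keys: Dict[int, Tuple[bytes, Optional[float]]] = {}
        self.current: Optional[int] = None

    def rotate(self, key: Optional[bytes] = None) -> int:
        """Install a new current key; the old current key enters its grace window."""
        now = self.clock()
        if self.current is not None:
            old_key, _ = self.keys[self.current]
            self.keys[self.current] = (old_key, now)
        version = (self.current or 0) + 1
        self.keys[version] = (key or secrets.token_bytes(32), None)
        self.current = version
        return version

    def _active(self) -> Dict[int, bytes]:
        """Keys that may still verify: the current one plus retired keys inside the grace window."""
        now = self.clock()
        return {
            v: k
            for v, (k, retired_at) in self.keys.items()
            if retired_at is None or now - retired_at < self.grace_seconds
        }

    def sign(self, message: bytes) -> str:
        if self.current is None:
            raise RuntimeError("no key installed; call rotate() first")
        key, _ = self.keys[self.current]
        mac = hmac.new(key, message, hashlib.sha256).hexdigest()
        return f"v{self.current}:{mac}"

    def verify(self, message: bytes, token: str) -> bool:
        try:
            vers, mac = token.split(":", 1)
            if not vers.startswith("v"):
                return False
            version = int(vers[1:])
        except ValueError:
            return False
        active = self._active()
        if version not in active:
            return False  # unknown version, or retired past its grace window
        expected = hmac.new(active[version], message, hashlib.sha256).hexdigest()
        return hmac.compare_digest(expected, mac)

    def purge(self) -> None:
        """Drop keys whose grace window has expired so they can never verify again."""
        self.keys = {v: self.keys[v] for v in self._active()}


def rotation_scenario() -> Dict[str, bool]:
    """Walk one rotation with a fake clock and report what verifies when."""
    now = [1000.0]  # constructed clock value for the example
    ring = KeyRing(grace_seconds=3600, clock=lambda: now[0])
    ring.rotate()
    msg = b"session:alice"  # constructed sample message
    old_token = ring.sign(msg)   # minted by a host still on v1
    ring.rotate()                # rollout begins: v2 is current, v1 in grace
    new_token = ring.sign(msg)
    results = {
        "old_during_grace": ring.verify(msg, old_token),
        "new": ring.verify(msg, new_token),
    }
    now[0] += 3601               # grace window elapses
    ring.purge()
    results["old_after_grace"] = ring.verify(msg, old_token)
    results["new_after_grace"] = ring.verify(msg, new_token)
    results["tampered"] = ring.verify(b"session:mallory", new_token)
    return results


if __name__ == "__main__":
    for name, ok in rotation_scenario().items():
        print(f"{name}: {ok}")
```

The grace window is the knob that makes the rollout safe: set it longer than the slowest deployment plus the longest-lived token, and call `purge()` on a schedule so a retired key cannot linger forever. Note that a real system also needs the new key distributed to verifiers before any host signs with it, which is the opposite ordering from what a naive "replace the secret" script does.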