On 15 April we announced a proof-of-concept hybrid post-quantum FIDO2 authentication token. Here is what we actually built, why it matters for anyone running a key manager, and the unglamorous engineering that made ML-DSA fit on a dongle with 256 KB of RAM.

A transmission from ICMC 2026 in Arlington, VA. Cryptsoft's CTO Tim Hudson takes the podium and sets out to dismantle a stubborn assumption: that centralised key management is, by definition, a single point of failure.