The standard encryption used by websites and online services these days is pretty much impossible to crack. You can rope together every single supercomputer in the entire world, and it still wouldn't be possible to break the usual encryption by brute force. Quantum decryption is set to change all of that, which could be very bad news for VPNs.
Quantum computers are weird, and when it comes to the world of quantum phenomena, even physicists who specialize in it don't totally understand it yet. Computers that use quantum effects, however, are here, and they work! If you want to know more about how quantum computers affect encryption, start with our article on quantum cryptography.
The most important thing you need to know for this article's purposes is that certain types of tasks can be done by quantum computers instantly. In contrast, a traditional computer would require thousands, millions, or billions of years to do the same job. One potential application is code-cracking. At some point in the future, quantum computers could suddenly reach the point where cracking our best encryption would be trivial. That's a problem for several reasons, so let's start with what we think is the biggest one.
Right now, we encrypt most of the data that's sent all over the internet every day. This makes it practically impossible to see what that data is, but nothing stops third-party entities on the internet to intercept and store that data. While no one can crack the encryption on that data now, but when quantum decryption reaches maturity, they can simply run that historical data through the machine and see what's inside.
For the vast majority of information, that won't mean much. The time to make use of that information for malicious gain will be gone. However, there are bound to be some information that's going to be a problem even years from now. Given that those who keep track of encryption technology know that quantum decryption is no longer in the distance, there may be efforts today already to store encrypted data from juicy targets with the hope of unlocking it with future technology, yet to be perfected.
Apart from the threat of historical decryption, there's the issue of contemporary decryption. Most of the useful stuff we do on the internet, such as talking to each other or buying things, rely on encryption to make it safe. This is why you can use your credit card or bank online. When that type of encryption becomes trivial to crack, the services that rely on them will also fold. Even newfangled ideas - such as blockchain and its offshoots - won't be viable if the encryption they rely on is useless.
The good news is that, even when the tech comes into existence, things won't fall apart overnight. Quantum computing technology will still mainly be in the hands of governments. That's a troubling thought for other reasons. Still, hacker groups probably won't have the money or infrastructure for some time.
There's also the idea of using that same quantum computing technology to create encryption that's not so trivial to break. In fact, there's already a strong movement to design unique quantum-resistant encryption methods, which ties in with the problem of VPN connections in the post-quantum decryption age.
Lots of brilliant people are working on the problem of post-quantum VPNs. This article by Microsoft Research outlines the state of affairs perfectly. Basically, cryptographers have five to ten years to figure out encryption problems that aren't solvable by quantum computers or, at least, those that take too long even with that technology.
This is obviously incredibly hard because it's not just a matter of creating encryption that quantum computers can't break - it also needs to be a form of encryption that's practical. It doesn't mean much if current computers are too weak to apply that encryption in real-time. Some of these post-quantum methods might need mainstream computers to be much more powerful than they are today, so they're forward-looking.
Models for post-quantum VPNs exist, though it's not clear whether these are only going to be cost-effective for enterprise VPNs, rather than the private VPN services that we all make use of today. Private VPNs like ExpressVPN or NordVPN have put a lot of power into regular users' hands, shielding them from prying eyes and letting them access or share information freely. If post-quantum VPN solutions are too costly or complex to implement, that's something in danger of extinction.
The specter of historical decryption of intercepted data is legitimately scary. It really should make us think twice about what we send and store using current encryption technology. That's not to say you should stop using encryption! We should all keep using VPNs when needed and encrypt our data when possible.
What you should do is think twice when sending out information that could be intercepted. Would that data be a problem five years from now if it were to be decrypted? If the answer to that question is "yes", you may want to consider using a different way of getting it to its destination.