To be fair, they didn't 'break RSA'. What they did, or claim to have done, is factorised a 22 bit number on a quantum computer. If it had two prime factors, one would have to be below about 2,000. It would have been quicker to do it on a raspberry pi.<p>The main benefit of the ongoing rollout of post-quantum cryptography in browsers and webservers we're seeing at the moment is not that quantum computers are cryptographically relevant now - they're not. It is to safeguard against the 'store now, decrypt later' threat model, in which an attacker records your internet traffic now, then revisits it later when better codebreaking technology is available. This is why the NIST standards for PQC are being rolled out in TLS 1.3 by various cloud providers, reverse proxies etc. We are at a minimum a decade away from anyone breaking RSA on a quantum computer.