Enterprise passwordless. Post-quantum from the first byte. Nothing stored, ever. You cannot decrypt what was never written down.
The quantum computer will read everything the world has stored. So we chose to store nothing.
Veil removes every password from your company and seals what replaces them in post-quantum cryptography. Your employees never touch a password again. Your password manager never stores one again. Every app keeps working.
Open. Approve. In. No password to type, forget, reset, or surrender to a fake login page. Sign-in becomes muscle memory, not memory.
Veil lives at the sign-in of every app your company uses, including the ones your SSO doesn't cover. Nothing migrates. Nothing gets replaced. It switches on, and passwords switch off.
Every credential is born at the instant of use and gone milliseconds later. No vault to crack today. Nothing on record for a quantum computer to open tomorrow.
> now for the fun part: the science underneath ↓
A quantum computer doesn't just break tomorrow's encryption. It opens everything ever recorded under today's. Three dates tell the story:
NIST finalized the post-quantum standards. The migration clock started.
Adversaries record encrypted traffic now, to read it at Q-Day.
HARVEST NOW · DECRYPT LATER
Classical encryption is deprecated, then disallowed. Everything recorded under it becomes readable.
The only data that survives Q-Day is data that never existed.
Your employees open, approve, and they're in. The password was created for that exact moment, used once, and destroyed. It lived for milliseconds. It will never exist again. And nobody, including us, ever saw it.
Each sign-in is produced fresh by a split-trust ceremony: one half of the trust stays with your user, the other in Veil's core. Together they re-create the exact credential at the instant of use. It lives in memory for milliseconds, does its job, and is gone.
Same inputs → the byte-identical credential, every time, across device replacements and years of use. This is what makes storing nothing possible: there is nothing to save, because it can always be conjured again.
Each credential is cryptographically bound to its exact site. A lookalike domain yields a different, useless credential, every single time. The user doesn't have to spot the fake; the fake simply receives nothing that works.
Every ceremony requires Veil's core, so access is rate-limited and revocable on the next attempt. There is no local cache to farm, no blob to brute-force in silence, no offline path an attacker can take.
Every password Veil conjures is assembled from two halves: one held by your employee, one held in Veil's core. Each half is useless alone, and they only ever meet inside a post-quantum sealed exchange, for the millisecond of sign-in. Steal our servers and you hold half a secret. Half a secret is no secret at all.
Holds its half of the ceremony, hardware-rooted and released per use. It is never transmitted raw and never leaves the user's possession.
Holds the other half, isolated per customer. It sees only sealed exchanges: never a credential, never a site, never anything worth stealing.
A vault on a stolen laptop can be brute-forced in silence, forever. Veil can't: there is nothing local to attack, and nothing central to exfiltrate.
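An added illustration, not Veil's construction (the page lists that as under NDA): the sketch below uses HKDF-SHA-512 with domain-separated labels to show how a credential can be recomputed byte-for-byte from two halves and a site origin, and why a lookalike origin or a missing half yields unrelated bytes. The function names, labels and sample halves are assumptions constructed for the example, and for simplicity it combines both halves in one process, which the ceremony described above does not do.

```python
import hashlib
import hmac

HASH = hashlib.sha512
HASH_LEN = HASH().digest_size  # 64 bytes for SHA-512

def hkdf_extract(salt: bytes, ikm: bytes) -> bytes:
    """RFC 5869 extract step: condense input keying material into a PRK."""
    return hmac.new(salt or b"\x00" * HASH_LEN, ikm, HASH).digest()

def hkdf_expand(prk: bytes, info: bytes, length: int) -> bytes:
    """RFC 5869 expand step: stretch the PRK into `length` output bytes."""
    okm, block, counter = b"", b"", 1
    while len(okm) < length:
        block = hmac.new(prk, block + info + bytes([counter]), HASH).digest()
        okm += block
        counter += 1
    return okm[:length]

def _lp(field: bytes) -> bytes:
    """Length-prefix a field so concatenated inputs cannot be re-split."""
    return len(field).to_bytes(2, "big") + field

def derive_credential(user_half: bytes, core_half: bytes, origin: str,
                      length: int = 32) -> bytes:
    """Hypothetical derivation: both halves are keying material, the origin
    is the domain-separation input, and nothing is stored between calls."""
    prk = hkdf_extract(b"example/split-trust/v1", _lp(user_half) + _lp(core_half))
    # Assumption: the origin is already canonical apart from case and spaces.
    info = b"example/site-credential/v1" + _lp(origin.strip().lower().encode("utf-8"))
    return hkdf_expand(prk, info, length)

# Constructed sample inputs, not real secrets.
USER_HALF = bytes.fromhex("11" * 32)
CORE_HALF = bytes.fromhex("22" * 32)
REAL_SITE = "https://login.example.com"
LOOKALIKE = "https://login.examp1e.com"

def demo() -> dict:
    real = derive_credential(USER_HALF, CORE_HALF, REAL_SITE)
    return {
        "repeatable": real == derive_credential(USER_HALF, CORE_HALF, REAL_SITE),
        "lookalike_differs": real != derive_credential(USER_HALF, CORE_HALF, LOOKALIKE),
        # Someone holding only the core half must guess the user half.
        "core_alone_differs": real != derive_credential(b"\x00" * 32, CORE_HALF, REAL_SITE),
    }

if __name__ == "__main__":
    print(demo())
```
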
You have just seen the two halves. Here they are in motion: one complete sign-in with Veil, stretched out so you can see every step. In real time it takes about three seconds. The thin cyan line in the middle is how long the password exists.
Every vault, password manager, and SSO on the market was built before the post-quantum standards existed. They all face a decade of migration. Veil skipped it: sealed in the new standards from its first byte.
Pre-quantum products must swap out their cryptography while the world runs on them. Veil never carries that debt. The new standards are its foundation, not an upgrade.
Anything captured off Veil's wire is sealed in quantum-resistant encryption. It stays unreadable at Q-Day and every day after. Try it yourself, one section down.
Everything long-lived is locked twice: once with classical cryptography, once with lattice cryptography. Both would have to fall before anything breaks.
The standards inside
| Purpose | Construction | Standard |
|---|---|---|
| Key encapsulation | X25519 + ML-KEM-768 hybrid | FIPS 203 |
| Device identity | Ed25519 + ML-DSA-65 composite | FIPS 204 |
| Symmetric encryption | XChaCha20-Poly1305 · 256-bit | RFC 8439 |
| Key derivation | HKDF-SHA-512 · domain-separated | RFC 5869 |
| Credential derivation | The Arrangement · standardized parts only | UNDER NDA |
Below is a live view of what an eavesdropper on Veil's network actually captures: exchanges sealed in post-quantum encryption before they ever touch the wire. Record as much as you like. Then press the button to attack your recording with a simulated quantum computer from the 2030s, and see how far you get.
a simulation, honestly labeled. the sealing is ML-KEM-768, FIPS 203. the futility is genuine.
Two companies, side by side. Company A keeps its passwords in a vault. Company B runs Veil, so it has nothing stored at all. Pick an attack and watch it hit both at once. The sixth one is the honest one.
Every vendor promises they won't. We built Veil so we can't:
This is zero trust built instead of promised: no trust to abuse, no insider who can help, no court order that changes the answer, no breach that changes the math.
So here is ours, printed large: the four things Veil does not defend against, stated before you ask. Judge a security vendor by whether it shows you this list at all.
Everything else, from the phishing site to the sprayed password to the stolen database to the recorded wire to the Q-Day archive, is defended by construction.
Eight questions security teams actually ask, answered in plain words. Pick one.
Veil is onboarding a small number of pilot organizations. If you own identity for a security-conscious team, we'd like 30 minutes with your hardest questions. Full construction on the table, under NDA.
prefer plaintext? hello@veilauth.com · full construction & threat model available under NDA