The End of the
Password.

Nothing visible. Nothing stored

Enterprise passwordless. Post-quantum from the first byte. Nothing stored, ever. You cannot decrypt what was never written down.

Specimen scale 1:1 Loop: continuous
SPECIMEN CHAMBERSPX-0000
············
standby
Quantum-safe
Hybrid PQ · day one
Encryption
ML-KEM-768 · FIPS 203
Signatures
ML-DSA-65 · FIPS 204
Credentials stored
Zero

The quantum computer will read everything the world has stored. So we chose to store {nothing.}

[ 00 // WHAT VEIL IS ] the product · in plain language

Passwordless today.
Quantum-safe forever.

Veil removes every password from your company and seals what replaces them in post-quantum cryptography. Your employees never touch a password again. Your password manager never stores one again. Every app keeps working.

01 · For your employees

Three seconds to anywhere

Open. Approve. In. No password to type, forget, reset, or surrender to a fake login page. Sign-in becomes muscle memory, not memory.

02 · For your stack

Nothing gets replaced

Veil lives at the sign-in of every app your company uses, including the ones your SSO doesn't cover. Nothing migrates. Nothing gets replaced. It switches on, and passwords switch off.

03 · For your risk register

Nothing to breach, ever

Every credential is born at the instant of use and gone milliseconds later. No vault to crack today. Nothing on record for a quantum computer to open tomorrow.

> now for the fun part: the science underneath ↓

[ 01 // THE QUANTUM CLOCK ] the deadline that reaches backwards

Every stored password has an expiry date.

A quantum computer doesn't just break tomorrow's encryption. It opens everything ever recorded under today's. Three dates tell the story:

2024

NIST finalized the post-quantum standards. The migration clock started.

TODAY

Adversaries record encrypted traffic now, to read it at Q-Day.
HARVEST NOW · DECRYPT LATER

2030–35

Classical encryption is deprecated, then disallowed. Everything recorded under it becomes readable.

The only data that survives Q-Day
is data that never existed.

Q-DAY WINDOW est. 2030–2035 SEALED OPEN 2024 2027 2030 2035 Classical encryption: readable at Q-Day Veil traffic, post-quantum sealed: never readable readable still sealed
WHAT A RECORDING IS WORTH, OVER TIMESOURCE: NIST PQC MIGRATION TIMELINE
[ 02 // THE VANISHING ACT ] derived on demand · alive for milliseconds

The safest place to keep a password is nowhere.

Your employees open, approve, and they're in. The password was created for that exact moment, used once, and destroyed. It lived for milliseconds. It will never exist again. And nobody, including us, ever saw it.

Beat 01
Open
the site you need
Beat 02
Approve
one deliberate tap
Beat 03
In
signed in · nothing left behind
Conjured, not retrieved

Each sign-in is produced fresh by a split-trust ceremony: one half of the trust stays with your user, the other in Veil's core. Together they re-create the exact credential at the instant of use. It lives in memory for milliseconds, does its job, and is gone.

Deterministic, forever

Same inputs → the byte-identical credential, every time, across device replacements and years of use. This is what makes storing nothing possible: there is nothing to save, because it can always be conjured again.

Phishing fails by mathematics

Each credential is cryptographically bound to its exact site. A lookalike domain yields a different, useless credential, every single time. The user doesn't have to spot the fake; the fake simply receives nothing that works.

Live control, no offline mode

Every ceremony requires Veil's core, so access is rate-limited and revocable on the next attempt. There is no local cache to farm, no blob to brute-force in silence, no offline path an attacker can take.

THE LIFE OF A VEIL PASSWORD
Born
the instant you approve
Lives
milliseconds, in memory only
Witnesses
zero. not even us
Remains
nothing, anywhere
Built entirely from published NIST standards. Full construction disclosed under NDA.
[ 03 // SPLIT TRUST ] split custody · post-quantum sealed

Half with you. Half with us.
Whole for one millisecond.

Every password Veil conjures is assembled from two halves: one held by your employee, one held in Veil's core. Each half is useless alone, and they only ever meet inside a post-quantum sealed exchange, for the millisecond of sign-in. Steal our servers and you hold half a secret. Half a secret is no secret at all.

X: 000.42 // Y: 112.91 STATUS: CEREMONY_TRACE
Half α / The Device

Your Employee's Side

Holds its half of the ceremony, hardware-rooted and released per use. It is never transmitted raw and never leaves the user's possession.

ALONE: UNLOCKS NOTHING
Half β / Veil Core

Our Side

Holds the other half, isolated per customer. It sees only sealed exchanges: never a credential, never a site, never anything worth stealing.

ALONE: KNOWS NOTHING
Derived credential
RESIDENCY: RAM · LIFETIME: MILLISECONDS · THEN: WIPED
Credentials stored
0, anywhere
What our servers see
Sealed exchanges only
Offline attack surface
Does not exist
Revocation
Next attempt · instant

A vault on a stolen laptop can be brute-forced in silence, forever. Veil can't: there is nothing local to attack, and nothing central to exfiltrate.

[ Δt // THE MILLISECOND ] one veil sign-in · start to finish

Your password's entire life,
on one timeline.

You have just seen the two halves. Here they are in motion: one complete sign-in with Veil, stretched out so you can see every step. In real time it takes about three seconds. The thin cyan line in the middle is how long the password exists.

Approve
the employee taps approve
Create
the password is built, inside post-quantum encryption
Use
it signs them in, from memory only
Destroy
wiped immediately after
Gone
no copy exists anywhere
to scale: the cyan line is the only time the password exists. on a vault, that line never ends. stretched for visibility · real duration: about three seconds
[ 04 // THE POST-QUANTUM ERA ] born after the standards · nothing to migrate

Most security is pre-quantum.
Veil was born after.

Every vault, password manager, and SSO on the market was built before the post-quantum standards existed. They all face a decade of migration. Veil skipped it: sealed in the new standards from its first byte.

01 · No retrofit, ever

Nothing to migrate

Pre-quantum products must swap out their cryptography while the world runs on them. Veil never carries that debt. The new standards are its foundation, not an upgrade.

02 · Wiretaps age into noise

Recordings die, not secrets

Anything captured off Veil's wire is sealed in quantum-resistant encryption. It stays unreadable at Q-Day and every day after. Try it yourself, one section down.

03 · Two locks, always

Double-locked by design

Everything long-lived is locked twice: once with classical cryptography, once with lattice cryptography. Both would have to fall before anything breaks.

The standards inside

PurposeConstructionStandard
Key encapsulationX25519 + ML-KEM-768 hybridFIPS 203
Device identityEd25519 + ML-DSA-65 compositeFIPS 204
Symmetric encryptionXChaCha20-Poly1305 · 256-bitRFC 8439
Key derivationHKDF-SHA-512 · domain-separatedRFC 5869
Credential derivationThe Arrangement · standardized parts onlyUNDER NDA
Stated precisely: this rests on ML-KEM (FIPS 203), the same assumption behind the post-quantum deployments at Google and Apple. Full construction under NDA.
[ ∅ // THE WIRETAP ] interactive · you play the eavesdropper

Go ahead. Wiretap us.

Below is a live view of what an eavesdropper on Veil's network actually captures: exchanges sealed in post-quantum encryption before they ever touch the wire. Record as much as you like. Then press the button to attack your recording with a simulated quantum computer from the 2030s, and see how far you get.

Recording eavesdropper@wire · passive intercept 00:00 · 0.0 KB captured
attempts so far: 0 · success rate: 0%

a simulation, honestly labeled. the sealing is ML-KEM-768, FIPS 203. the futility is genuine.

[ Ω // THE BREACH SIMULATOR ] pick an attack · watch it land

Attack both companies.
Watch what breaks.

Two companies, side by side. Company A keeps its passwords in a vault. Company B runs Veil, so it has nothing stored at all. Pick an attack and watch it hit both at once. The sixth one is the honest one.

Company A · uses a password manageroperational
Credentials still safe
100%1,847,203 stored
Company B · uses Veiloperational
Credentials stored
0nothing here can be taken
"Company A lost everything, six different ways. Company B lost fifteen minutes of one person's access, once, and had told you it would in advance. That is the entire difference between armor and absence." the one that works on us is documented in the fine print
[ 05 // THE TRUST MODEL ] our favorite compliance answer: we can't

The vendor you don't have to trust.

Every vendor promises they won't. We built Veil so we can't:

We cannot read your passwords. They do not exist to be read.
We cannot open your organization. The only master key is 24 words of paper, printed once, locked in your safe.
We cannot hand over what we never held. Not to an attacker, not to an insider, not to a subpoena.
We cannot quietly change the math. Every primitive is a published NIST standard, verified on every build.

This is zero trust built instead of promised: no trust to abuse, no insider who can help, no court order that changes the answer, no breach that changes the math.

Complete inventory · what our servers holdYOUR COMPANY
sealed fragmentsheld
encrypted half-keysheld
event metadataheld
your passwordsnone exist
your master keyin your safe, not here
a way into your companynone exists
Nothing worth stealing
steal all of it tonight. this list is the entire point.
[ 06 // WHAT WE DON'T CLAIM ] four limits · printed large

A security page with no fine print
is a sales page.

So here is ours, printed large: the four things Veil does not defend against, stated before you ask. Judge a security vendor by whether it shows you this list at all.

R-01
Device coercion
An attacker physically controlling a user and their unlocked device can act as that user. No cryptography prevents coercion; rate limits and instant admin revocation bound the blast radius.
R-02
Endpoint malware
If the workstation's OS is compromised, the attacker sees what the user sees in the moment of use. That risk belongs to your EDR/MDM stack. Veil narrows the exposure to milliseconds and leaves nothing behind to loot, but it does not replace endpoint security.
R-03
The lattice assumption
Quantum-safety of recorded traffic rests on ML-KEM (FIPS 203). If it were ever broken, that shield falls. It is the same single assumption every post-quantum system on earth makes. Hybrid construction keeps full classical security regardless.
R-04
The site's side of the story
Every site your employees sign in to keeps its own record of their password, as it does for every user on earth. If that site is breached, that is the site's breach. Veil bounds the damage: the password works nowhere else, and replacing it takes one short sign-in flow.

Everything else, from the phishing site to the sprayed password to the stolen database to the recorded wire to the Q-Day archive, is defended by construction.

[ ? // ASK US ANYTHING ] no chatbot · just answers

Interrogate us.

Eight questions security teams actually ask, answered in plain words. Pick one.

veil · q&a session
> select a question above_
[ 07 // ACCESS ]

Be quantum-safe before it's mandatory.

Veil is onboarding a small number of pilot organizations. If you own identity for a security-conscious team, we'd like 30 minutes with your hardest questions. Full construction on the table, under NDA.

veil · briefing-request · 80×24

prefer plaintext? hello@veilauth.com  ·  full construction & threat model available under NDA