Data breaches usually don’t involve a dark room with a hacker in a hoodie hunched over a computer. “ Some industry researchers predict that 80 percent of cloud data breaches will be due to customer misconfiguration, mismanaged credentials or insider theft, rather than cloud provider vulnerabilities, by 2020” according to Mark Johnson in an article by Data Breach Today .

If you’re in the healthcare space, this is particularly serious because HHS requires companies to announce these HIPAA data breaches, even if there’s no evidence that anything nefarious was even done with the breached healthcare data.

“ Last year was…


The Virgil Security “Pure” WordPress Plugin is a free tool that protects WordPress user passwords from data breaches and both online and offline attacks, and renders stolen passwords useless if your database is compromised. And developers can breathe a sigh of relief everywhere, because even if your database is breached, users do not need to change their original passwords.

WordPress powers 30% of the top ten million of the world’s websites 1. …


PureKit is an SDK for protecting passwords and PII stored in your database.

Our users were encrypting their data, but not their passwords or PII in the database. And that defeats the whole point.

Virgil Security is proud to announce PureKit, a developer tool for protecting passwords and sensitive data like PII stored in a database.

Pure stands for “Password and User Records Encryption” and is based on the PHE service (Password-Hardened Encryption). PureKit replaces password hashing with a more advanced solution that prevents brute-force attacks on passwords and sensitive data stored in the database, and allows developers to instantly render a stolen database useless without any inconvenience to the end users. The Virgil Security PureKit SDK makes implementing PHE’s advanced cryptography possible to the average developer.

Passwords are the weakest link

Death, taxes…


With e3kit, a new client-side SDK for Twilio, it’s now even easier to add end-to-end encryption to your Twilio product. e3kit is an end-to-end encryption SDK with a simpler set-up process, and it has features like multi-device support already built in.

In this post, we’ll walk you through how e3kit works and how you can start building end-to-end encryption into your Twilio messaging functionality.

What is end-to-end encryption?

This is what a typical Twilio app looks like today:


Hi there. We’re the team behind Twilio’s end-to-end encrypted HIPAA-compliant messaging and many health and IoT products that use the awesome innovation of end-to-end encryption to build a whole new world of privacy-first products.

After years of seeing frustrated developers not be able to implement HIPAA-compliant secure chat apps on their favorite platform (Firebase), we decided to do something about it.

First of all, we took the approach that worked for Twilio — build it in a way that doesn’t require a HIPAA Business Associate Agreement (a “BAA” which means you assume the liability for the security of the personal…


By Alexey Ermishkin, Chief Product Security Officer at Virgil Security, Inc. and co-author of the NoiseSocket protocol

Telegram recently announced Telegram Passport, a new service that allows users to upload and store documents such as their passport, drivers license, and bank statements and then share them with third party services, such as ICOs, crypto wallets, and anyone complying with Know Your Customer (KYC) regulations, that desire to verify the user’s identity.

First we must give Telegram full credit for publishing their API as open source. …


The Virgil Security team in front of the booth at Webit Festival.

The Virgil World Tour made its first international stop in Sofia! The city has been called “a hidden gem” by VentureBeat, and the “digital capital of the new markets” and one of the top 10 cities in the world to launch a startup by Forbes. At Webit Festival, there were almost 10,000 developers, founders, policy leaders and investors in attendance, and the Virgil Security team was excited to meet hundreds of them at our booth in the Startup Expo.

Most attendees were from Europe and therefore very interested in end-to-end encryption due to the heightened interest in security and user…


Last week the Virgil World Tour brought the Virgil Security team to DeveloperWeek NYC, the world’s largest conference series for developers and developer executives, in Brooklyn blocks from startups like Kickstarter.

On this Virgil World Tour stop, we got back to basics and hosted a series of educational programming about end-to-end encryption and key management. In order to fully take advantage of our tech, developers have told us that they want to understand the core concepts better. We’re working on creating new graphics and more educational material for Virgil developers. Any topics or concepts you’d like us to cover?


David and Rebecca from the Virgil Security team are ready to talk encryption with Apple developers!

Highlights from AltConf and WWDC 2018 from Virgil Security

The Virgil Security team is back home and unpacking our bags from a great week sponsoring AltConf. For 4 days, we set up shop next door to WWDC, Apple’s annual developer conference, and met hundreds of developers, product managers and friends from Firebase and Twilio.

One of the key themes of Apple’s conference was privacy and security, in keeping with their public stances against Facebook and Google’s data-collection practices. As Tim Cook said recently, “We reject the excuse that getting the most out of technology means trading away your right to privacy.” And iOS and macOS developers seem to agree…


Howdy Firebase community!

We’re Virgil Security, the tech behind Twilio’s End-to-End Encrypted Messaging, securing hundreds of apps and IoT products on the Internet today. We receive a ton of requests from Firebase developers; they love the Firebase platform, but are concerned about its privacy and security. So, we integrated our SDK with Firebase to enable End-to-End Encryption for the Firebase platform and your app!

At AltConf, next door to Apple’s WWDC, we announced our integration with Firebase. …

Virgil Security, Inc

We make every software developer an applied cryptologist. https://github.com/VirgilSecurity

Get the Medium app

A button that says 'Download on the App Store', and if clicked it will lead you to the iOS App store
A button that says 'Get it on, Google Play', and if clicked it will lead you to the Google Play store