Breez, a lightning service provider and Bitcoin software laboratory, has launched Passkey Login as part of its Breez SDK. This new feature enables developers to create self-custodial wallets that utilize passkeys for authentication and key derivation, thereby eliminating the necessity for traditional seed phrases during routine use.
While seed phrases remain available for users who prefer them, the initiative aims to improve the user experience by removing the “speed bump” associated with Bitcoin wallets, which typically require users to secure a 12-word backup.
Understanding Passkeys: Modern Per-Site Key Pairs
Passkeys, a relatively new security standard gaining significant traction online, are cryptographic credentials anchored in the FIDO2 WebAuthn standard. This standard has been collectively championed by Apple, Google, Microsoft, and the FIDO Alliance since 2022. Each passkey consists of a unique public-private key pair generated for a specific website or application.
The private key is securely stored within the hardware components of the user’s device, such as Apple’s Secure Enclave, Android’s Titan chip, Windows TPM, external security keys like YubiKey, or the user’s password manager.
Standard online passkeys bear resemblance to the original Bitcoin wallet.dat file first introduced by Satoshi Nakamoto, where private keys remain stored on the user’s device while public keys are shared with external parties.
However, the FIDO2 standard builds on this private-public key concept with a more structured and contemporary approach. In this model, a website that already knows the user's public key issues a challenge. The user authenticates by signing the challenge with the private key, proving their identity while preserving privacy. Each service holds a distinct public key for the same user, which limits how far a data breach at one service can compromise information on other platforms.
FIDO2 has achieved widespread adoption, leveraging secure device elements and integrating with password managers (such as iCloud Keychain and Google Password Manager), browsers, and the World Wide Web Consortium (W3C) WebAuthn API. Authentication is executed through a challenge-response signing mechanism, binding the private key to the domain to mitigate phishing threats.
Passkeys support biometric unlocking methods (e.g., Face ID, fingerprint, or PIN) and can synchronize across devices within a given ecosystem (e.g., via iCloud or Google). As of mid-2025, the FIDO Alliance reported over a billion activations, with support across major platforms and numerous prominent websites.
Limitations of FIDO2 in the Context of Bitcoin Wallets
While standard passkeys excel in authentication (verifying user identity), they lack essential functionalities necessary for the contemporary Bitcoin landscape.
Bitcoin self-custody typically relies on a single source of entropy (the seed phrase) to generate all addresses and keys deterministically, following standards like BIP-39. Users have come to expect that those 12 words alone suffice to recover all balances and accounts within a Bitcoin wallet, so the passkey standard needs an extension to accommodate this requirement.
Breez’s Innovative Approach: Utilizing the PRF Extension
Breez has tackled this challenge by implementing the Pseudo-Random Function (PRF) extension within WebAuthn Level 3. This feature empowers a passkey to generate deterministic cryptographic outputs in response to specific inputs during the authentication process.
As detailed in Breez’s announcement materials, “The PRF extension of WebAuthn resolves this challenge, serving as the fundamental component of Passkey Login. PRF is an advanced capability associated with the WebAuthn Level 3 specification, allowing a passkey to yield a deterministic cryptographic output for given inputs. The same passkey, same input, same output. Always. The passkey remains within the secure enclave of the user’s device.”
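The "same passkey, same input, same output" property can be modeled offline. This is an added example, not code from Breez or its SDK: `prf_output` follows the WebAuthn PRF construction over CTAP2 hmac-secret, while using the first 16 bytes of the output as BIP-39 entropy, the sample secrets and the input label are assumptions made for illustration.

```python
import hashlib
import hmac


def prf_output(cred_random: bytes, prf_input: bytes) -> bytes:
    """Model of a WebAuthn PRF evaluation.

    The client hashes the caller's input under a fixed prefix; the
    authenticator (CTAP2 hmac-secret) keys HMAC-SHA-256 with a secret
    bound to the credential. That secret never leaves the device.
    """
    salt = hashlib.sha256(b"WebAuthn PRF\x00" + prf_input).digest()
    return hmac.new(cred_random, salt, hashlib.sha256).digest()


def bip39_indices(entropy: bytes) -> list:
    """Map 128 bits of entropy to the 12 word indices BIP-39 defines."""
    if len(entropy) != 16:
        raise ValueError("a 12-word mnemonic needs exactly 16 bytes of entropy")
    checksum = hashlib.sha256(entropy).digest()[0] >> 4        # first 4 bits
    bits = (int.from_bytes(entropy, "big") << 4) | checksum    # 132 bits
    # Twelve 11-bit groups, most significant first; each indexes the
    # standard 2048-word list (omitted here to keep the example short).
    return [(bits >> (11 * (11 - i))) & 0x7FF for i in range(12)]


def wallet_indices(cred_random: bytes, prf_input: bytes) -> list:
    # Assumption: the first 16 bytes of the PRF output serve as entropy.
    return bip39_indices(prf_output(cred_random, prf_input)[:16])


# Constructed sample values. A real credential secret is generated by the
# authenticator and is not readable by the application.
CRED_A = bytes(range(32))
CRED_B = bytes(range(1, 33))
INPUT = b"example-wallet-seed-v1"  # hypothetical application-chosen PRF input

if __name__ == "__main__":
    print("credential A:", wallet_indices(CRED_A, INPUT))
    print("again       :", wallet_indices(CRED_A, INPUT))  # identical
    print("credential B:", wallet_indices(CRED_B, INPUT))  # unrelated
```

Because the wallet follows from the credential secret and the input alone, anyone who can evaluate the PRF for that credential and input can rebuild the wallet, so the account that syncs the passkey warrants the same protection as a written seed phrase.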
Device Loss and Recovery Options
If a device is lost, recovery is contingent upon the platform used to store the passkey. Synced passkeys—via services such as iCloud Keychain or Google Password Manager—enable restoration on a new device once access to the relevant account is regained.
Breez offers an optional backward-compatible solution: users can export a conventional 12-word, BIP-39 mnemonic for their wallet, facilitating account recovery in other Bitcoin wallets that adhere to industry standards. The press release emphasizes that “Passkeys are not yet fully interoperable across various platforms. Should a transition to a platform or wallet that does not support passkeys be necessary, users will have a standard seed phrase as a fallback.”
The comprehensive technical specifications for Passkey Login are publicly available, and a reference application named Glow exemplifies the feature. Breez positions this advancement as a progressive step toward making Bitcoin self-custody more accessible by aligning it with widely recognized biometric authentication practices used in banking and password management, while still ensuring non-custodial control. Developers utilizing the Breez SDK can now facilitate onboarding processes that omit the conventional “write down these words” step within supported environments.