In a significant move to enhance the accessibility and security of Bitcoin wallets, Breez, a leading lightning service provider and Bitcoin software lab, has unveiled Passkey Login within its Breez SDK. This innovative feature allows developers to create self-custodial wallets that leverage passkeys for authentication and key derivation, eliminating the need for traditional seed phrases during normal use.
Breaking Down the Barriers to Bitcoin Self-Custody
For years, the seed phrase has been a double-edged sword in the Bitcoin ecosystem. While it ensures the highest level of security, the complexity and the necessity of securely storing 12 words have often deterred new users from embracing self-custody. Breez’s Passkey Login is designed to address this issue by integrating a more familiar and user-friendly authentication method.
“The seed phrase has been a barrier to self-custody since day one,” Breez explained in a press release. “It’s what scares normies away from keeping their own bitcoin, and it’s a legitimate reason why people accept the counterparty risk of exchanges and custodial apps.” The company further noted that passkeys align with the biometric authentication methods users are already accustomed to, such as those used in banking apps and password managers.
Understanding Passkeys: A Modern Security Standard
Passkeys are cryptographic credentials based on the FIDO2 WebAuthn standard, which has gained widespread adoption across major tech platforms including Apple, Google, and Microsoft. Each passkey is a unique public-private key pair generated for a specific website or application. The private key remains securely stored in the device’s hardware, such as Apple’s Secure Enclave or Android’s Titan chip, while the public key is shared with the service.
During authentication, the service sends a challenge to the user’s device, and the device signs it with the private key, proving the user’s identity without revealing any secret to the service. Each service receives a different public key for the same user, which prevents cross-site tracking and limits what a data breach at the service can expose.
Breez’s PRF Extension: The Key to Bitcoin Integration
While standard passkeys excel at authentication, on their own they do not provide the deterministic key derivation needed for Bitcoin self-custody. Breez addressed this by building on the Pseudo-Random Function (PRF) extension defined in WebAuthn Level 3. The PRF extension allows a passkey to produce a consistent cryptographic output for any given input, making it suitable for deriving Bitcoin keys and addresses deterministically.
“That’s what the PRF extension of WebAuthn solves, and it’s the key ingredient in Passkey Login,” Breez elaborated. “PRF is a newer capability, part of the WebAuthn Level 3 spec, that lets your passkey produce a deterministic cryptographic output for any given input. Same passkey, same input, same output. Always. The passkey never leaves your device’s secure enclave.”
Device Loss and Recovery: Ensuring User Control
In the event of device loss, recovery depends on the platform used to store the passkey. For instance, synced passkeys via iCloud Keychain or Google Password Manager can be restored on a new device after regaining access to the associated account. Breez also offers an optional backwards-compatible path, allowing users to export a traditional 12-word BIP-39 mnemonic for their wallet, ensuring they can recover their account in other Bitcoin wallets if needed.
“Passkeys also aren’t fully interoperable across platforms yet. If you ever need to move to a platform or wallet that doesn’t support passkeys, you have a standard seed phrase to fall back on,” Breez added.
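The PRF behaviour and the 12-word fallback described above can be modelled offline; the following is an added example, not Breez's code or the Breez SDK API. It computes the PRF output the way WebAuthn Level 3 and CTAP2 hmac-secret define it and encodes 128 bits as the twelve BIP-39 word indices. Assumptions: the credential secrets and labels are constructed sample values, and truncating the PRF output to 16 bytes is illustrative, not Breez's published derivation.

```python
import hashlib
import hmac

# Constructed stand-ins for the per-credential secret. On a real device this
# value lives inside the authenticator and is never exported.
CRED_SECRET_A = hashlib.sha256(b"constructed credential secret A").digest()
CRED_SECRET_B = hashlib.sha256(b"constructed credential secret B").digest()


def prf_eval(cred_secret, prf_input):
    """Model the authenticator side of the WebAuthn PRF extension.

    The client hashes the caller's input under a fixed context prefix to get
    the hmac-secret salt; the authenticator returns HMAC-SHA-256 of that salt
    keyed with a secret bound to the credential.
    """
    salt = hashlib.sha256(b"WebAuthn PRF\x00" + prf_input).digest()
    return hmac.new(cred_secret, salt, hashlib.sha256).digest()


def bip39_indices(entropy):
    """Encode 128 bits of entropy as the 12 word indices (0..2047) of BIP-39."""
    if len(entropy) != 16:
        raise ValueError("a 12-word mnemonic needs exactly 16 bytes of entropy")
    checksum = hashlib.sha256(entropy).digest()[0] >> 4        # first 4 bits
    bits = (int.from_bytes(entropy, "big") << 4) | checksum    # 132 bits total
    return [(bits >> (11 * (11 - i))) & 0x7FF for i in range(12)]


def wallet_indices(cred_secret, label):
    # ASSUMPTION: using the first 16 bytes of the PRF output as wallet entropy
    # is an illustrative choice, not taken from the Passkey Login specification.
    return bip39_indices(prf_eval(cred_secret, label)[:16])


if __name__ == "__main__":
    label = b"wallet-0"  # hypothetical PRF input chosen for this example
    print("credential A:", wallet_indices(CRED_SECRET_A, label))
    print("A, repeated: ", wallet_indices(CRED_SECRET_A, label))
    print("credential B:", wallet_indices(CRED_SECRET_B, label))
```

Because the output is keyed by the credential's secret, a deleted or re-created passkey yields a different wallet, which is why the synced-passkey and exported-mnemonic recovery paths matter.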
Forward-Looking Insights: The Future of Bitcoin Self-Custody
The introduction of Passkey Login by Breez marks a significant step towards making Bitcoin self-custody more accessible and user-friendly. By aligning with familiar biometric authentication methods, Breez is paving the way for a broader adoption of non-custodial wallets. As the technology matures and more platforms adopt passkeys, the barriers to entry for new Bitcoin users are likely to diminish, fostering a more inclusive and secure cryptocurrency ecosystem.
The full technical specification for Passkey Login is public, and a reference app called Glow demonstrates the feature. Developers integrating the Breez SDK can now offer onboarding without the traditional “write down these words” step, making the user experience smoother and more intuitive.
