Physical Address
304 North Cardinal St.
Dorchester Center, MA 02124
Breeza lightning service provider and Bitcoin software lab, has launched Passkey Login in its Breez SDK. This feature allows developers to create storage bags which use private keys to authenticate and generate keys, eliminating the need for regular seed words.
Seed word support is available for users who prefer it, keeping back compatibility with industry standards, but removing the “speed” in Bitcoin wallets, which allows users to store their 12 words.
Breez explained the reason for the new feature in a press release shared with Bitcoin Magazine: “This word has been a deterrent to privacy since day one. It’s what scares people away from keeping their bitcoins, and it’s a valid reason why people accept the dangers of peer-to-peer exchanges with encrypted software.” Adding that “Passkey Login doesn’t solve the problem of conservatives, but it reframes them around something people already understand and use, which is biometric authentication that protects their banking program and their personal privacy manager.
Passkeys: Per-Site Key Pairs in Modern Hardware
Passkeys – a new level of security that is growing rapidly on the Internet – are passwords based on the FIDO2 WebAuthn standard, promoted by Apple, Google, Microsoft, and the FIDO Alliance from 2022. Each keyboard has a unique group-password key that is created for a specific website or application.
The private key remains stored in a secure device or similar device on the user device, such as Apple’s Secure Enclave, Android’s Titan chip, Windows TPM, external security keys such as the YubiKey or a password manager.
Normal Internet Passkeys are similar to the original Bitcoin wallet.dat file introduced by Satoshi Nakamoto in his first release of the Bitcoin client, where private keys are stored locally on the user’s device, while public keys are shared with a third party.
However, the FIDO2 standard applies the concept of public privacy in a more formal and modern way. Websites send a key to the user, indicating the user’s unique password for the account. The counter message is signed with the user’s private key, verifying their identity in a confidential manner. Each service obtains a different public key for the same user, so that the data exposed on one website does not generate data that can be used to access other websites, and does not contain user identification data.
FIDO2 is now widely adopted, using security features on devices, including password managers (eg, iCloud Keychain, Google Password Manager), browsers, and the World Wide Web Consortium (W3C) WebAuthn API. Authentication is done through counter-signing, with a private key containing the domain to prevent encryption.
Passkeys enable biometric unlocking (Face ID, fingerprint, PIN) and synchronization on all devices within the environment (for example, via iCloud or Google) – more than a billion devices that the FIDO Alliance said from the middle of 2025, with the support of major platforms and many top websites.
FIDO2 Wasn’t Good Enough for Bitcoin Wallets
Access keys were successful in authentication (proving identity) but lacked the necessary features needed by the modern Bitcoin industry.
Bitcoin’s security often relies on a single source of entropy (the term seed) to generate all addresses and keys in a verifiable way, through standards like BIP-39. Users expect only 12 words to be enough to recover all funds and accounts on the Bitcoin wallet. The Passkey level should be expanded to support this.
Breez’s Solution: Using the PRF Extension
Breez answers this by using Added Pseudo-Random Function (PRF) in WebAuthn Level 3. PRF supports a passkey to enable the encryption of any information during authentication.
As explained in Breez’s announcement materials, “That’s what WebAuthn’s extended PRF solves, and it’s the key to Passkey Login. PRF is a new capability, part of the WebAuthn Level 3 specs, that allows your passkey to generate deterministic cryptographic output for every input. The same passkey, the same passkey, can’t unlock your device.
Device Loss and Recovery
If the device is lost, recovery depends on the platform used to store the passkey. Shared keys – via iCloud Keychain, Google Password Manager, etc. – restore to a new device after re-establishing a linked account.
Breez offers a backward-compatible entry system: users can send a normal 12-word, BIP-39 mnemonic to their wallet, to be able to withdraw their account to other Bitcoin wallets, following industry standards. The press release adds that “Passkey is also not yet supported across platforms. If you want to move to a platform or wallet that doesn’t support Passkey, you have a voice to fall back on.”
The technical details of Passkey Login are public, and a software developer called Glow shows the feature. Breez positions this as a step towards making Bitcoin’s security more accessible by combining the biometric authentication used in banking with passwords, while maintaining a secure control. Developers who integrate the Breez SDK can now provide access without the custom “type this text” input.
The full description of Passkey Login is all peopleand our reporting program Light it is already running, and is now available for all Breez SDK devs to use.
