BreezThe Lightning Lab is a Bitcoin software provider that provides lightning services. Passkey Login Breez SDK. This feature allows developers build self-custodial wallets Passkeys are used for key generation and authentication, with no need to use the seed phrase.
Users who want to use seed phrases can continue using them, while maintaining backward compatibility. “speed bump” Bitcoin wallets ask users for 12 words to verify their identity.
Breez shared a news release with Bitcoin Magazine that explained this feature. “The seed phrase has been a barrier to self-custody since day one. It’s what scares normies away from keeping their own bitcoin, and it’s a legitimate reason why people accept the counterparty risk of exchanges and custodial apps.” Add this “Passkey Login doesn’t eliminate the tradeoffs of self-custody, but it reframes them around something people already understand and use, namely the same biometric authentication that protects their banking app and their password manager. For most users, that’s a much more intuitive security model than a piece of paper in a drawer.”
Modern Hardware Passkeys: Pairs of keys per site
Passkeys — a fairly new security standard that is gaining broad adoption online — are cryptographic credentials based on the FIDO2 WebAuthn standard, jointly promoted by Apple, Google, Microsoft, and the FIDO Alliance since 2022. Passkeys are a pair of public and private keys that is generated specifically for each website or app.
Private keys are stored on devices such as Apple Secure Enclave or Android Titan Chip, Windows TPM or external security key like YubiKey.
Online Passkeys are similar to the Bitcoin wallet.dat files that Satoshi introduced in the early versions of his Bitcoin client. Private keys are kept on the device and shared with others.
FIDO2 implements this idea of a private and public key in a modern, standardised way. The website sends a challenge referencing the public key of the account. Signed by the private key of the user, this challenge message authenticates their identity while maintaining privacy. The public keys are different for each service, so that data accessed on one site cannot be used by other sites, and it does not contain user-identifying information.
FIDO2 now has a wide adoption. It integrates password managers with the World Wide Web Consortium’s WebAuthn API, browsers and device secure elements. It is authenticated by challenge-response, while the private keys are bound to the domain in order to prevent phishing.
Passkeys support biometric unlock (Face ID, fingerprint, PIN) and sync across devices within an ecosystem (e.g., via iCloud or Google)—over a billion activations reported by the FIDO Alliance as of mid-2025, with support on major platforms and many top websites.
FIDO2 wasn’t Good Enough For Bitcoin Wallets
The standard passkeys are excellent at proving your identity, but they lack key features needed in the Bitcoin industry.
Bitcoin self-custody relies typically on a source of entropy to create all keys and addresses in a deterministic manner, using standards such as BIP-39. These 12 words are expected to suffice to retrieve all the balances of a Bitcoin wallet. To support this application, the Passkey standard had to be expanded.
Breez’s Solution: Leveraging The PRF Extender
Breez addresses the issue by using Pseudo-Random Function (PRF) extension in WebAuthn Level 3. PRF allows a passkey for authentication to generate a deterministic output cryptographic.
Breez announcement materials describe the Breez product. “That’s what the PRF extension of WebAuthn solves, and it’s the key ingredient in Passkey Login. PRF is a newer capability, part of the WebAuthn Level 3 spec, that lets your passkey produce a deterministic cryptographic output for any given input. Same passkey, same input, same output. Always. The passkey never leaves your device’s secure enclave.”
In the event of a device loss, you can recover your lost or stolen devices.
The platform that was used to store the password is what determines whether the device can be recovered if it’s lost. Synced passkeys — via iCloud Keychain, Google Password Manager, etc — restore on a new device after regaining access to the associated account.
Breez offers a backwards compatible path. Users can export the 12-word BIP 39 mnemonic of their wallet so that they can retrieve their account using other Bitcoin wallets. In the release it is stated that “Passkeys also aren’t fully interoperable across platforms yet. If you ever need to move to a platform or wallet that doesn’t support passkeys, you have a standard seed phrase to fall back on.”
Passkey Login has a public technical specification. A reference app, Glow, demonstrates this feature. Breez says this will make Bitcoin self-custody easier to access by aligning it with the biometrics that are used in password managers and banks, without compromising non-custodial security. Breez SDK allows developers to offer onboarding services without the usual “write down these words” Step for Supported Environments
Passkey Login technical specifications are available. publicOur reference app Glow Breez SDK is now open to all Breez SDK developers.
“This article is not financial advice.”
“Always do your own research before making any type of investment.”
“ItsDailyCrypto is not responsible for any activities you perform outside ItsDailyCrypto.”
Source: bitcoinmagazine.com
