Breez, a notable provider of lightning services and Bitcoin software, has recently unveiled a significant enhancement to its Breez SDK: the introduction of Passkey Login. This innovative feature empowers developers to create self-custodial wallets that utilize passkeys for authentication and key derivation, ultimately eliminating the need for traditional seed phrases during everyday transactions.
The rationale for this development stems from Breez’s recognition of the hurdles that seed phrases have posed for users. In a statement shared with Bitcoin Magazine, Breez articulated that “the seed phrase has been a barrier to self-custody since day one.” This cumbersome requirement has deterred many potential users from managing their own Bitcoin holdings, often leading them to accept the risks associated with custodial exchanges and apps. By implementing Passkey Login, Breez aims to shift the narrative around self-custody, offering a more intuitive security model that users are already familiar with, such as biometric authentication used in banking applications and password managers.
Passkeys represent a modern security standard that has gained notable traction online. Based on the FIDO2 WebAuthn standard, which has seen advocacy from major tech companies including Apple, Google, and Microsoft, passkeys utilize unique public-private key pairs developed for specific applications or websites. The private key is securely stored within the user’s device, utilizing features like Apple’s Secure Enclave or Android’s Titan chip. This model echoes the early Bitcoin wallet.dat framework proposed by Satoshi Nakamoto, where private keys are stored locally while public keys are disseminated to third parties. However, the FIDO2 standard brings a more organized and standardized approach to this process.
A significant advantage of the FIDO2 framework is its privacy-preserving mechanism for authentication. When a website requests verification, it sends a challenge referencing the user’s known public key. This challenge is verified through a signature created with the user’s private key. Each service uses a unique public key for the same user, thereby safeguarding against data leaks and user identification across platforms.
Despite the strengths of standard passkeys for authentication purposes, they initially lacked essential functionalities required in the Bitcoin sector. Bitcoin self-custody traditionally depends on a single source of entropy, represented by a seed phrase, to methodically generate all addresses and keys. To address this gap, Breez has turned to the Pseudo-Random Function (PRF) extension found in WebAuthn Level 3. This extension allows a passkey to yield a deterministic cryptographic output for any designated input during the authentication process.
In practical terms, if a device containing passkeys is lost, recovery will depend on the platform used to store these credentials. For passkeys synced through services like iCloud Keychain or Google Password Manager, users can restore access on a new device. To ensure users have a safety net, Breez has also included an optional, backward-compatible feature that permits users to export a traditional 12-word, BIP-39 mnemonic for wallet recovery in accordance with established industry standards.
While Breez acknowledges that passkeys are not yet fully interoperable across all platforms, the presence of a standard seed phrase allows users a fallback option should they need to transition to a wallet that does not support passkeys. The complete technical specification for Passkey Login is publicly accessible, and a reference application named Glow has already implemented this feature, marking a significant step toward making Bitcoin self-custody more user-friendly.
By aligning Bitcoin self-custody with familiar biometric authentication methods, Breez aims to enhance user accessibility to the technology while maintaining the principles of non-custodial control. Developers integrating the Breez SDK can now streamline the onboarding process, removing the often daunting “write down these words” step, thus fostering a smoother entry into the world of self-managed Bitcoin wallets.
