Passkey Bitcoin Wallets: Self-Custody Without a Seed Phrase
A passkey Bitcoin wallet derives your Bitcoin private keys on your device from the same passkey you use to log into your apps. No mandatory 12-word seed phrase. No piece of paper in a drawer. Still fully self-custody, with the same cryptography underneath.
What a passkey is
A passkey is a modern replacement for passwords, built into iOS, Android, macOS, and Windows. When you sign into a website or app with Face ID, Touch ID, or your device's PIN, and there's no password involved, you're using a passkey. The operating system holds a cryptographic key pair, the website holds the public half, and the private half never leaves your device.
Apple and Google sync passkeys automatically through iCloud Keychain and Google Password Manager. Sign in on a new phone and your passkeys come with you.
How a Bitcoin wallet can use one
A standard passkey login only proves "this device has the key." That's enough to log into a website, but not enough to run a Bitcoin wallet, which needs an actual private key you control.
WebAuthn PRF (Pseudo-Random Function extension) closes the gap. PRF lets an app ask the passkey to run a given input through its private key and return deterministic bytes. Those bytes look random but are reproducible. A wallet uses them as the seed for a Bitcoin private key.
Your Bitcoin key is derived on-device, from your passkey, on demand. It's never stored by the wallet and never transmitted. Every time you open the app, the key is re-derived from the same passkey and the same input, and everything works. Same trust model as a seed-phrase wallet. Different entropy source.
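The derivation described above, as an added example that is not Piggy's code or any wallet's actual scheme. It runs under Node.js and simulates the authenticator as HMAC-SHA-256 keyed with a secret bound to the credential (the model used by the CTAP2 hmac-secret extension behind PRF). The input string, the HKDF label, the sample secret and all function names are assumptions made for illustration.

```javascript
// Added example, not Piggy's code. Runs under Node.js; the authenticator is simulated.
const nodeCrypto = require('node:crypto');

// Order n of the secp256k1 group: a valid Bitcoin private key k satisfies 0 < k < n.
const SECP256K1_N = BigInt('0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141');

// Simulated authenticator. WebAuthn hashes the app's input under a fixed prefix,
// then the authenticator HMACs that salt with a secret bound to the credential.
function simulatePrf(credentialSecret, appInput) {
  const salt = nodeCrypto.createHash('sha256')
    .update('WebAuthn PRF\0')
    .update(appInput)
    .digest();
  return nodeCrypto.createHmac('sha256', credentialSecret).update(salt).digest();
}

// Extension input a wallet would pass in navigator.credentials.get({ publicKey: { extensions } }).
function prfExtensionInput(appInput) {
  return { prf: { eval: { first: new TextEncoder().encode(appInput) } } };
}

// Read the PRF output from credential.getClientExtensionResults().
// Returns null when the authenticator did not evaluate PRF, so the caller can fall back.
function extractPrfOutput(extensionResults) {
  const first = extensionResults?.prf?.results?.first;
  return first ? Buffer.from(first) : null;
}

// Stretch the PRF output into a private key with HKDF. The info label (hypothetical)
// separates this key from any other use of the same PRF output. Out-of-range
// candidates are astronomically rare, but are rejected rather than reduced mod n.
function derivePrivateKey(prfOutput, label = 'example-wallet/bitcoin-key/v1') {
  if (!prfOutput || prfOutput.length !== 32) {
    throw new Error('no PRF output: use the fallback path');
  }
  for (let counter = 0; counter < 256; counter++) {
    const okm = Buffer.from(
      nodeCrypto.hkdfSync('sha256', prfOutput, Buffer.alloc(0), `${label}/${counter}`, 32));
    const k = BigInt('0x' + okm.toString('hex'));
    if (k > 0n && k < SECP256K1_N) return okm;
  }
  throw new Error('no valid key candidate found');
}

// Constructed sample: a fixed 32-byte credential secret stands in for the passkey.
const sampleSecret = Buffer.alloc(32, 0x07);
const prfOut = simulatePrf(sampleSecret, 'example-wallet seed v1');
const key = derivePrivateKey(extractPrfOutput({ prf: { results: { first: prfOut } } }));
console.log('re-derived identically:',
  key.equals(derivePrivateKey(simulatePrf(sampleSecret, 'example-wallet seed v1'))));
```

In a browser the same flow uses `navigator.credentials.get` with the extension input shown in `prfExtensionInput` and WebCrypto's HKDF in place of Node's `hkdfSync`.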
Why this matters
You don't have to manage a seed phrase you'll probably mess up. The biggest source of lost Bitcoin over the last decade is people storing their seed phrases badly. Photos in the cloud. Notes app. Screenshot to a group chat. Written on a sticky note that got thrown out. Passkey-first wallets remove that whole category of self-own.
Multi-device sync is automatic. With a seed phrase, putting your wallet on a second phone means re-entering 12 words. Error-prone. With passkeys, your device provider handles sync. The wallet works on every device signed into your Apple or Google account.
It's harder to phish. A seed phrase is a string. Anyone who gets a copy can take your Bitcoin, and phishing sites ask for seed phrases all the time. A passkey can't be typed into a phishing page. It's bound to your device and the specific domain or app it was created for.
Tradeoffs
Passkey-first self-custody has tradeoffs:
You depend on your device provider. Apple and Google hold your passkeys. They can't see the Bitcoin keys derived from them, but if they lock you out of your account, you lose access to the passkey, and if you haven't exported a backup, you lose access to the Bitcoin. Seed phrases don't have this dependency.
Cross-wallet portability is limited. With a seed phrase, you can import the same wallet into any BIP-39-compatible app. Passkey-derived keys are usually tied to a specific wallet's derivation scheme. Moving to a different wallet is harder unless the wallet also offers a seed phrase export.
PRF support is still maturing. It works on modern iOS, Android, macOS, and Windows. Older devices or certain authenticators may not support it. Passkey-first wallets handle this by checking and falling back.
How Piggy handles this
Piggy is passkey-first, not passkey-only. When you install the app, you create a passkey, and your Bitcoin keys are derived from it on your device. That's the default path, and for most people it's all they ever use.
If you want a second line of defense, you can optionally export a 12-word recovery phrase. It's derived from the same passkey/PRF process, so it's the same wallet. If you ever lose access to both your device and your Apple/Google account, the seed phrase still restores your funds. Piggy never sees the seed phrase.
Who this is for
Passkey Bitcoin wallets are for people who:
- Want self-custody without managing a seed phrase on paper
- Use modern iOS or Android devices
- Want the same wallet to work across all their devices without importing anything
They are less ideal for people who:
- Run fully airgapped setups with a hardware wallet and cold storage
- Specifically don't trust Apple or Google
- Need a wallet that can be imported into any other BIP-39 tool
For the first group, passkey-first is a genuine upgrade. For the second group, a traditional seed-phrase wallet is still the right answer.