The Death of the Seed Phrase: WebAuthn & Device Trust
By Security Engineering · May 28, 2026 · 5 min read
The usability gap
For decades, using cryptocurrency required writing down a 12- or 24-word seed phrase. Cryptographically secure, yes — but a massive usability gap for average users. Lose the paper and your funds are gone forever. Get tricked into typing it on a malicious site and your wallet is instantly drained.
Phishing-resistant WebAuthn
Furlpay replaces seed phrases entirely by leveraging WebAuthn (FIDO2) credentials:
// Register a new Furlpay account using local biometrics
const credential = await navigator.credentials.create({
publicKey: {
challenge: serverChallenge,
rp: { name: "Furlpay" },
user: { id: userId, name: userName, displayName: userName },
pubKeyCredParams: [{ alg: -7, type: "public-key" }] // ES256
}
});This API triggers the user's device — MacBook Touch ID, Windows Hello or a YubiKey — to generate a secure public-key credential. The private key stays locked inside the device's hardware security chip, protected from remote extraction and phishing. Furlpay associates the public key with your Safe smart wallet on-chain, letting you sign transactions with a fingerprint or face scan.
More in Engineering
Designing 2-of-2 MPC Key Generation for Self-Custody
No single private key is ever generated. Here's how Furlpay splits signing across a device passkey share and an HSM policy share.
June 28, 2026 · 6 min read
Bypassing the Gas Crisis: ERC-4337 Paymasters on L2 Networks
Nobody should need ETH just to send USDC. How Furlpay uses ERC-4337 account abstraction and Paymasters to make gas disappear.
June 15, 2026 · 5 min read
Solving Card Declines: Time-Locked Pre-Authorization Escrows
Why self-custodial cards get declined at gas pumps and hotels — and how Furlpay's time-locked escrow contracts fix pre-authorization holds.
June 1, 2026 · 5 min read