… not really, I think, as using a login-passkey (e.g. from your security key) as UV for usage of a passkey of the BW vault (not that I see that coming at the moment) wouldn’t be circular… or did I miss your point? (of course, if we would be able to use PRF for stored passkeys, then especially “full-login-passkeys with encryption” used from the BW vault might introduce some circularity here…)