W3C WebAuthn L3 co-editor Tim Cappalli warns against using the PRF extension to derive encryption keys. This article lays out the structural risk that data becomes permanently unrecoverable if the authenticator is lost, reviews Bitwarden, WhatsApp, and other implementations, and describes the recommended envelope encryption pattern.
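The sketch below is an added example, not code from the article or from any of the products it names. It shows envelope encryption in Node.js: the data is encrypted under a random data key, and that key is wrapped once per unlock path. It assumes a second unlock path (a recovery secret); the PRF output is simulated by 32 constructed random bytes, and the function names and HKDF labels are hypothetical.

```javascript
const nodeCrypto = require('node:crypto');

// Derive a 256-bit key-encryption key (KEK) from secret input with HKDF-SHA256.
// The "example/kek/..." info labels are hypothetical.
function deriveKek(secret, info) {
  return Buffer.from(nodeCrypto.hkdfSync('sha256', secret, Buffer.alloc(0), info, 32));
}

// AES-256-GCM seal/open; blob layout is nonce(12) || tag(16) || ciphertext.
function seal(key, plaintext) {
  const nonce = nodeCrypto.randomBytes(12);
  const c = nodeCrypto.createCipheriv('aes-256-gcm', key, nonce);
  const ct = Buffer.concat([c.update(plaintext), c.final()]);
  return Buffer.concat([nonce, c.getAuthTag(), ct]);
}
function open(key, blob) {
  const d = nodeCrypto.createDecipheriv('aes-256-gcm', key, blob.subarray(0, 12));
  d.setAuthTag(blob.subarray(12, 28));
  return Buffer.concat([d.update(blob.subarray(28)), d.final()]); // throws on wrong key
}

// Envelope: data is encrypted once under a random data-encryption key (DEK);
// the DEK is wrapped separately for each unlock path, so losing one path
// (the authenticator) does not make the data unrecoverable.
function createVault(plaintext, prfOutput, recoverySecret) {
  const dek = nodeCrypto.randomBytes(32);
  return {
    data: seal(dek, plaintext),
    wraps: {
      passkey: seal(deriveKek(prfOutput, 'example/kek/passkey'), dek),
      recovery: seal(deriveKek(recoverySecret, 'example/kek/recovery'), dek),
    },
  };
}
function openVault(vault, path, secret) {
  const dek = open(deriveKek(secret, 'example/kek/' + path), vault.wraps[path]);
  return open(dek, vault.data).toString('utf8');
}

// Enrolling a replacement authenticator re-wraps the DEK only; data is untouched.
function rewrapPasskey(vault, recoverySecret, newPrfOutput) {
  const dek = open(deriveKek(recoverySecret, 'example/kek/recovery'), vault.wraps.recovery);
  vault.wraps.passkey = seal(deriveKek(newPrfOutput, 'example/kek/passkey'), dek);
  return vault;
}
```

If the data were encrypted directly under the PRF-derived key, the failed `openVault` call with a new authenticator's PRF output would be the final state; with the envelope, `rewrapPasskey` restores access without re-encrypting the data.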