diff --git a/apps/web/src/app/admin-console/organizations/users/enroll-master-password-reset.component.ts b/apps/web/src/app/admin-console/organizations/users/enroll-master-password-reset.component.ts
index 68203033ee7..45b0cc318fc 100644
--- a/apps/web/src/app/admin-console/organizations/users/enroll-master-password-reset.component.ts
+++ b/apps/web/src/app/admin-console/organizations/users/enroll-master-password-reset.component.ts
@@ -58,8 +58,8 @@ export class EnrollMasterPasswordReset {
 const publicKey = Utils.fromB64ToArray(orgKeys.publicKey);
 // RSA Encrypt user's encKey.key with organization public key
- const encKey = await this.cryptoService.getEncKey();
- const encryptedKey = await this.cryptoService.rsaEncrypt(encKey.key, publicKey.buffer);
+ const userKey = await this.cryptoService.getUserKeyFromMemory();
+ const encryptedKey = await this.cryptoService.rsaEncrypt(userKey.key, publicKey.buffer);
 keyString = encryptedKey.encryptedString;
 toastStringRef = "enrollPasswordResetSuccess";
diff --git a/apps/web/src/app/auth/accept-organization.component.ts b/apps/web/src/app/auth/accept-organization.component.ts
index 291cea09a49..c27db602aeb 100644
--- a/apps/web/src/app/auth/accept-organization.component.ts
+++ b/apps/web/src/app/auth/accept-organization.component.ts
@@ -141,8 +141,8 @@ export class AcceptOrganizationComponent extends BaseAcceptComponent {
 const publicKey = Utils.fromB64ToArray(response.publicKey);
 // RSA Encrypt user's encKey.key with organization public key
- const encKey = await this.cryptoService.getEncKey();
- const encryptedKey = await this.cryptoService.rsaEncrypt(encKey.key, publicKey.buffer);
+ const userKey = await this.cryptoService.getUserKeyFromMemory();
+ const encryptedKey = await this.cryptoService.rsaEncrypt(userKey.key, publicKey.buffer);
 // Add reset password key to accept request
 request.resetPasswordKey = encryptedKey.encryptedString;
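Review bot: `userKey.key` is dereferenced in the enroll-master-password-reset.component.ts hunk, and again in the accept-organization.component.ts hunk, without checking that `getUserKeyFromMemory()` returned a key. The method name suggests a memory-only lookup, so if the key is absent (not confirmable from this diff) enrolment would fail with a TypeError rather than a handled error; a guard such as `if (userKey == null) { throw new Error("No user key found."); }` before the `rsaEncrypt` call makes that case explicit. The context comment `// RSA Encrypt user's encKey.key with organization public key` is now stale in both hunks and could read `// RSA-encrypt the user key with the organization public key`. Both enclosing methods start and end outside the hunks.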
diff --git a/apps/web/src/app/settings/change-kdf/change-kdf-confirmation.component.ts b/apps/web/src/app/settings/change-kdf/change-kdf-confirmation.component.ts
index ebf74f44570..53abeb4623f 100644
--- a/apps/web/src/app/settings/change-kdf/change-kdf-confirmation.component.ts
+++ b/apps/web/src/app/settings/change-kdf/change-kdf-confirmation.component.ts
@@ -77,15 +77,18 @@ export class ChangeKdfConfirmationComponent {
 request.kdfParallelism = this.kdfConfig.parallelism;
 request.masterPasswordHash = await this.cryptoService.hashPassword(masterPassword, null);
 const email = await this.stateService.getEmail();
- const newKey = await this.cryptoService.makeKey(
+ const newMasterKey = await this.cryptoService.makeMasterKey(
 masterPassword,
 email,
 this.kdf,
 this.kdfConfig
 );
- request.newMasterPasswordHash = await this.cryptoService.hashPassword(masterPassword, newKey);
- const newEncKey = await this.cryptoService.remakeEncKey(newKey);
- request.key = newEncKey[1].encryptedString;
+ request.newMasterPasswordHash = await this.cryptoService.hashPassword(
+ masterPassword,
+ newMasterKey
+ );
+ const newUserSymKey = await this.cryptoService.encryptUserSymKeyWithMasterKey(newMasterKey);
+ request.key = newUserSymKey[1].encryptedString;
 await this.apiService.postAccountKdf(request);
 }
diff --git a/apps/web/src/app/settings/update-key.component.ts b/apps/web/src/app/settings/update-key.component.ts
index 9f46d732694..9ea6bb2d14b 100644
--- a/apps/web/src/app/settings/update-key.component.ts
+++ b/apps/web/src/app/settings/update-key.component.ts
@@ -36,8 +36,8 @@ export class UpdateKeyComponent {
 ) {}
 async submit() {
- const hasEncKey = await this.cryptoService.hasEncKey();
- if (hasEncKey) {
+ const hasUserKey = await this.cryptoService.hasUserKey();
+ if (hasUserKey) {
 return;
 }
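Review bot: In the change-kdf-confirmation.component.ts hunk, `newUserSymKey` holds the tuple returned by `encryptUserSymKeyWithMasterKey`, and the value sent as `request.key` is picked out with a bare `[1]`. The name reads as if a new user key were generated, while the method name suggests the existing user key is re-wrapped under the new master key, which matters to anyone auditing what a KDF change rotates. Destructuring states which element leaves the client: `const [, masterKeyEncUserKey] = await this.cryptoService.encryptUserSymKeyWithMasterKey(newMasterKey);` followed by `request.key = masterKeyEncUserKey.encryptedString;`. The enclosing method starts outside the hunk.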
@@ -68,16 +68,16 @@ export class UpdateKeyComponent {
 }
 private async makeRequest(): Promise {
- const key = await this.cryptoService.getKey();
- const encKey = await this.cryptoService.makeEncKey(key);
+ const masterKey = await this.cryptoService.getMasterKey();
+ const newUserKey = await this.cryptoService.makeUserSymKey(masterKey);
 const privateKey = await this.cryptoService.getPrivateKey();
 let encPrivateKey: EncString = null;
 if (privateKey != null) {
- encPrivateKey = await this.cryptoService.encrypt(privateKey, encKey[0]);
+ encPrivateKey = await this.cryptoService.encrypt(privateKey, newUserKey[0]);
 }
 const request = new UpdateKeyRequest();
 request.privateKey = encPrivateKey != null ? encPrivateKey.encryptedString : null;
- request.key = encKey[1].encryptedString;
+ request.key = newUserKey[1].encryptedString;
 request.masterPasswordHash = await this.cryptoService.hashPassword(this.masterPassword, null);
 await this.syncService.fullSync(true);
@@ -87,7 +87,7 @@ export class UpdateKeyComponent {
 if (folders[i].id == null) {
 continue;
 }
- const folder = await this.folderService.encrypt(folders[i], encKey[0]);
+ const folder = await this.folderService.encrypt(folders[i], newUserKey[0]);
 request.folders.push(new FolderWithIdRequest(folder));
 }
@@ -96,7 +96,7 @@ export class UpdateKeyComponent {
 if (ciphers[i].organizationId != null) {
 continue;
 }
- const cipher = await this.cipherService.encrypt(ciphers[i], encKey[0]);
+ const cipher = await this.cipherService.encrypt(ciphers[i], newUserKey[0]);
 request.ciphers.push(new CipherWithIdRequest(cipher));
 }
diff --git a/libs/angular/src/auth/components/login-with-device.component.ts b/libs/angular/src/auth/components/login-with-device.component.ts
index 7af5afeca7a..3f5a22b6bf3 100644
--- a/libs/angular/src/auth/components/login-with-device.component.ts
+++ b/libs/angular/src/auth/components/login-with-device.component.ts
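Review bot: In the `makeRequest` hunk of update-key.component.ts (`@@ -68,16 +68,16 @@`), `masterKey` goes straight from `getMasterKey()` into `makeUserSymKey` with no check that a master key is actually available. What `makeUserSymKey` does with a missing key is not visible in this diff, so an explicit guard before key generation is the safer form: `if (masterKey == null) { throw new Error("Master key is not available."); }`. The result is also indexed as `newUserKey[0]` (used as the encryption key for the private key, folders and ciphers) and `newUserKey[1]` (sent as `request.key`) across this hunk and the two that follow; destructuring into two named constants would keep the raw key and its wrapped form from being confused. `makeRequest` continues past the end of the hunk.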
@@ -22,7 +22,10 @@ import { PlatformUtilsService } from "@bitwarden/common/platform/abstractions/pl
 import { StateService } from "@bitwarden/common/platform/abstractions/state.service";
 import { ValidationService } from "@bitwarden/common/platform/abstractions/validation.service";
 import { Utils } from "@bitwarden/common/platform/misc/utils";
-import { SymmetricCryptoKey } from "@bitwarden/common/platform/models/domain/symmetric-crypto-key";
+import {
+ MasterKey,
+ SymmetricCryptoKey,
+} from "@bitwarden/common/platform/models/domain/symmetric-crypto-key";
 import { PasswordGenerationServiceAbstraction } from "@bitwarden/common/tools/generator/password";
 import { CaptchaProtectedComponent } from "./captcha-protected.component";
@@ -193,19 +196,22 @@ export class LoginWithDeviceComponent
 requestId: string,
 response: AuthRequestResponse
 ): Promise {
- const decKey = await this.cryptoService.rsaDecrypt(response.key, this.authRequestKeyPair[1]);
+ const decMasterKeyArray = await this.cryptoService.rsaDecrypt(
+ response.key,
+ this.authRequestKeyPair[1]
+ );
 const decMasterPasswordHash = await this.cryptoService.rsaDecrypt(
 response.masterPasswordHash,
 this.authRequestKeyPair[1]
 );
- const key = new SymmetricCryptoKey(decKey);
+ const decMasterKey = new SymmetricCryptoKey(decMasterKeyArray) as MasterKey;
 const localHashedPassword = Utils.fromBufferToUtf8(decMasterPasswordHash);
 return new PasswordlessLogInCredentials(
 this.email,
 this.passwordlessRequest.accessCode,
 requestId,
- key,
+ decMasterKey,
 localHashedPassword
 );
 }
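Review bot: The `as MasterKey` assertion on `new SymmetricCryptoKey(decMasterKeyArray)` in the `@@ -193,19 +196,22 @@` hunk is compile-time only, so bytes decrypted from the auth-request response are treated as a master key with no runtime check in this hunk. `response.key` and `response.masterPasswordHash` are passed to `rsaDecrypt` without a presence check, and whether `rsaDecrypt` or the `SymmetricCryptoKey` constructor rejects missing or wrong-length input is not visible here. A guard at the top of the method, `if (response.key == null || response.masterPasswordHash == null) { throw new Error("Auth request response is missing key material."); }`, plus a one-line comment on the cast stating why it is sound, would document the trust boundary. The method signature starts above the hunk.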