diff --git a/src/iOS.Autofill/CredentialProviderViewController.Passkeys.cs b/src/iOS.Autofill/CredentialProviderViewController.Passkeys.cs
index b1664c85f..6560e6821 100644
--- a/src/iOS.Autofill/CredentialProviderViewController.Passkeys.cs
+++ b/src/iOS.Autofill/CredentialProviderViewController.Passkeys.cs
@@ -328,11 +328,6 @@ namespace Bit.iOS.Autofill
             }
         }
 
-        private bool CanProvideCredentialOnPasskeyRequest(CipherView cipherView)
-        {
-            return _context.PasskeyCredentialRequest != null && !cipherView.Login.HasFido2Credentials;
-        }
-
         private void OnConfirmingNewCredential()
         {
             MainThread.BeginInvokeOnMainThread(() =>
diff --git a/src/iOS.Autofill/CredentialProviderViewController.cs b/src/iOS.Autofill/CredentialProviderViewController.cs
index a1e6bbaa5..501b508d0 100644
--- a/src/iOS.Autofill/CredentialProviderViewController.cs
+++ b/src/iOS.Autofill/CredentialProviderViewController.cs
@@ -443,14 +443,17 @@ namespace Bit.iOS.Autofill
                     return;
                 }
 
-                var decCipher = await cipher.DecryptAsync();
-
-                if (!CanProvideCredentialOnPasskeyRequest(decCipher))
+                if (_context.IsPasskey)
                 {
+                    // this shouldn't happen but as a safeguard we've set it here:
+                    // if somehow the flow got into here then it's impossible to find the credential identity
+                    // i.e. if on iOS < 17 and somehow there is a PasskeyCredentialRequest that was passed along in the iOS callbacks
                     CancelRequest(ASExtensionErrorCode.CredentialIdentityNotFound);
                     return;
                 }
 
+                var decCipher = await cipher.DecryptAsync();
+
                 if (decCipher.Reprompt != CipherRepromptType.None)
                 {
                     // Prompt for password using either the lock screen or dialog unless