diff --git a/src/Core/Core.csproj b/src/Core/Core.csproj
index 44f96360fe..9f187aa3df 100644
--- a/src/Core/Core.csproj
+++ b/src/Core/Core.csproj
@@ -25,7 +25,7 @@
     <PackageReference Include="Azure.Storage.Blobs" Version="12.10.0" />
     <PackageReference Include="Azure.Storage.Queues" Version="12.3.2" />
     <PackageReference Include="BitPay.Light" Version="1.0.1907" />
-    <PackageReference Include="Fido2.AspNet" Version="1.1.0" />
+    <PackageReference Include="Fido2.AspNet" Version="3.0.0-beta2" />
     <PackageReference Include="Handlebars.Net" Version="1.10.1" />
     <PackageReference Include="IdentityServer4.AccessTokenValidation" Version="3.0.1" />
     <PackageReference Include="MailKit" Version="2.8.0" />
diff --git a/src/Core/Entities/User.cs b/src/Core/Entities/User.cs
index 50e6349811..f7a3281d49 100644
--- a/src/Core/Entities/User.cs
+++ b/src/Core/Entities/User.cs
@@ -132,6 +132,7 @@ namespace Bit.Core.Entities
 
         public void SetTwoFactorProviders(Dictionary<TwoFactorProviderType, TwoFactorProvider> providers)
         {
+            // When replacing with system.text remember to remove the extra serialization in WebAuthnTokenProvider.
             TwoFactorProviders = JsonHelpers.LegacySerialize(providers);
             _twoFactorProviders = providers;
         }
diff --git a/src/Core/Identity/WebAuthnTokenProvider.cs b/src/Core/Identity/WebAuthnTokenProvider.cs
index d180ccaad2..b3f72010a3 100644
--- a/src/Core/Identity/WebAuthnTokenProvider.cs
+++ b/src/Core/Identity/WebAuthnTokenProvider.cs
@@ -65,14 +65,14 @@ namespace Bit.Core.Identity
 
             var exts = new AuthenticationExtensionsClientInputs()
             {
-                UserVerificationIndex = true,
                 UserVerificationMethod = true,
                 AppID = CoreHelpers.U2fAppIdUrl(_globalSettings),
             };
 
             var options = _fido2.GetAssertionOptions(existingCredentials, UserVerificationRequirement.Discouraged, exts);
 
-            provider.MetaData["login"] = options;
+            // TODO: Remove this when newtonsoft legacy converters are gone
+            provider.MetaData["login"] = JsonSerializer.Serialize(options);
 
             var providers = user.GetTwoFactorProviders();
             providers[TwoFactorProviderType.WebAuthn] = provider;
@@ -98,7 +98,8 @@ namespace Bit.Core.Identity
                 return false;
             }
 
-            var clientResponse = JsonSerializer.Deserialize<AuthenticatorAssertionRawResponse>(token);
+            var clientResponse = JsonSerializer.Deserialize<AuthenticatorAssertionRawResponse>(token,
+                new JsonSerializerOptions { PropertyNameCaseInsensitive = true });
 
             var jsonOptions = provider.MetaData["login"].ToString();
             var options = AssertionOptions.FromJson(jsonOptions);
diff --git a/src/Core/Models/TwoFactorProvider.cs b/src/Core/Models/TwoFactorProvider.cs
index 7b644940d9..88481482ef 100644
--- a/src/Core/Models/TwoFactorProvider.cs
+++ b/src/Core/Models/TwoFactorProvider.cs
@@ -1,7 +1,7 @@
 using System;
 using System.Collections.Generic;
+using System.Text.Json;
 using Bit.Core.Enums;
-using Bit.Core.Utilities;
 using Fido2NetLib.Objects;
 
 namespace Bit.Core.Models
@@ -24,8 +24,13 @@ namespace Bit.Core.Models
                 }
                 catch
                 {
-                    // Handle newtonsoft parsing
-                    Descriptor = JsonHelpers.LegacyDeserialize<PublicKeyCredentialDescriptor>(o.Descriptor.ToString());
+                    // Fallback for older newtonsoft serialized tokens.
+                    if (o.Descriptor.Type == 0)
+                    {
+                        o.Descriptor.Type = "public-key";
+                    }
+                    Descriptor = JsonSerializer.Deserialize<PublicKeyCredentialDescriptor>(o.Descriptor.ToString(),
+                        new JsonSerializerOptions { PropertyNameCaseInsensitive = true });
                 }
                 PublicKey = o.PublicKey;
                 UserHandle = o.UserHandle;