diff --git a/libs/common/src/platform/services/fido2/domain-utils.spec.ts b/libs/common/src/platform/services/fido2/domain-utils.spec.ts
index 995f9118afd..e1ab212d0a0 100644
--- a/libs/common/src/platform/services/fido2/domain-utils.spec.ts
+++ b/libs/common/src/platform/services/fido2/domain-utils.spec.ts
@@ -37,7 +37,7 @@ describe("validateRpId", () => {
 
   it("should not be valid when rpId and origin are both different TLD", () => {
     const rpId = "bitwarden";
-    const origin = "localhost";
+    const origin = "https://localhost";
 
     expect(isValidRpId(rpId, origin)).toBe(false);
   });
@@ -46,14 +46,14 @@ describe("validateRpId", () => {
   // adding support for ip-addresses and other TLDs
   it("should not be valid when rpId and origin are both the same TLD", () => {
     const rpId = "bitwarden";
-    const origin = "bitwarden";
+    const origin = "https://bitwarden";
 
     expect(isValidRpId(rpId, origin)).toBe(false);
   });
 
   it("should not be valid when rpId and origin are ip-addresses", () => {
     const rpId = "127.0.0.1";
-    const origin = "127.0.0.1";
+    const origin = "https://127.0.0.1";
 
     expect(isValidRpId(rpId, origin)).toBe(false);
   });
diff --git a/libs/common/src/platform/services/fido2/domain-utils.ts b/libs/common/src/platform/services/fido2/domain-utils.ts
index a3030f78a31..0fde1fce6ec 100644
--- a/libs/common/src/platform/services/fido2/domain-utils.ts
+++ b/libs/common/src/platform/services/fido2/domain-utils.ts
@@ -6,6 +6,12 @@ export function isValidRpId(rpId: string, origin: string) {
   if (!rpId || !origin) {
     return false;
   }
+
+  // The origin's scheme must be https.
+  if (!origin.startsWith("https://")) {
+    return false;
+  }
+
   const parsedOrigin = parse(origin, { allowPrivateDomains: true });
   const parsedRpId = parse(rpId, { allowPrivateDomains: true });