diff --git a/docker_auth.go b/docker_auth.go
index 58b3ef2637..604592db0b 100644
--- a/docker_auth.go
+++ b/docker_auth.go
@@ -10,6 +10,7 @@ import (
 	"fmt"
 	"net/url"
 	"os"
+	"strings"
 	"sync"
 
 	"github.com/cpuguy83/dockercfg"
@@ -42,6 +43,11 @@ func dockerImageAuth(ctx context.Context, image string, configs map[string]regis
 	defaultRegistry := defaultRegistryFn(ctx)
 	reg := core.ExtractRegistry(image, defaultRegistry)
 
+	// Make comparison case-insensitive and handle both aliases
+	if strings.EqualFold(reg, "docker.io") || strings.EqualFold(reg, "registry.hub.docker.com") {
+		reg = defaultRegistry
+	}
+
 	if cfg, ok := getRegistryAuth(reg, configs); ok {
 		return reg, cfg, nil
 	}
diff --git a/docker_auth_test.go b/docker_auth_test.go
index 74042fc573..6fbd054bed 100644
--- a/docker_auth_test.go
+++ b/docker_auth_test.go
@@ -123,6 +123,20 @@ func TestDockerImageAuth(t *testing.T) {
 		require.Equal(t, base64, cfg.Auth)
 	})
 
+	t.Run("match the default registry authentication by host", func(t *testing.T) {
+		imageReg := "docker.io"
+		imagePath := "/my/image:latest"
+		reg := defaultRegistry(context.Background())
+		base64 := setAuthConfig(t, reg, "gopher", "secret")
+
+		registry, cfg, err := DockerImageAuth(context.Background(), imageReg+imagePath)
+		require.NoError(t, err)
+		require.Equal(t, reg, registry)
+		require.Equal(t, "gopher", cfg.Username)
+		require.Equal(t, "secret", cfg.Password)
+		require.Equal(t, base64, cfg.Auth)
+	})
+
 	t.Run("fail to match registry authentication due to invalid host", func(t *testing.T) {
 		imageReg := "example-auth.com"
 		imagePath := "/my/image:latest"