diff --git a/cmd/cosign/cli/public_key.go b/cmd/cosign/cli/public_key.go
index 35e79836929..fd16c3fbb5d 100644
--- a/cmd/cosign/cli/public_key.go
+++ b/cmd/cosign/cli/public_key.go
@@ -40,7 +40,7 @@ func PublicKey() *ffcli.Command {
 		flagset = flag.NewFlagSet("cosign public-key", flag.ExitOnError)
 		key     = flagset.String("key", "", "path to the private key file, public key URL, or KMS URI")
 		sk      = flagset.Bool("sk", false, "whether to use a hardware security key")
-		slot    = flagset.String("slot", "", "security key slot to use for generated key (authentication|signature|card-authentication|key-management)")
+		slot    = flagset.String("slot", "", "security key slot to use for generated key (default: signature) (authentication|signature|card-authentication|key-management)")
 		outFile = flagset.String("outfile", "", "file to write public key")
 	)
 
diff --git a/cmd/cosign/cli/sign.go b/cmd/cosign/cli/sign.go
index 947d43c18f6..6c407ad42e5 100644
--- a/cmd/cosign/cli/sign.go
+++ b/cmd/cosign/cli/sign.go
@@ -78,7 +78,7 @@ func Sign() *ffcli.Command {
 		key         = flagset.String("key", "", "path to the private key file, KMS URI or Kubernetes Secret")
 		upload      = flagset.Bool("upload", true, "whether to upload the signature")
 		sk          = flagset.Bool("sk", false, "whether to use a hardware security key")
-		slot        = flagset.String("slot", "", "security key slot to use for generated key (authentication|signature|card-authentication|key-management)")
+		slot        = flagset.String("slot", "", "security key slot to use for generated key (default: signature) (authentication|signature|card-authentication|key-management)")
 		payloadPath = flagset.String("payload", "", "path to a payload file to use rather than generating one.")
 		force       = flagset.Bool("f", false, "skip warnings and confirmations")
 		recursive   = flagset.Bool("r", false, "if a multi-arch image is specified, additionally sign each discrete image")
diff --git a/cmd/cosign/cli/sign_blob.go b/cmd/cosign/cli/sign_blob.go
index 0011a8c4f86..8479fb8d648 100644
--- a/cmd/cosign/cli/sign_blob.go
+++ b/cmd/cosign/cli/sign_blob.go
@@ -43,7 +43,7 @@ func SignBlob() *ffcli.Command {
 		key     = flagset.String("key", "", "path to the private key file or a KMS URI")
 		b64     = flagset.Bool("b64", true, "whether to base64 encode the output")
 		sk      = flagset.Bool("sk", false, "whether to use a hardware security key")
-		slot    = flagset.String("slot", "", "security key slot to use for generated key (authentication|signature|card-authentication|key-management)")
+		slot    = flagset.String("slot", "", "security key slot to use for generated key (default: signature) (authentication|signature|card-authentication|key-management)")
 		idToken = flagset.String("identity-token", "", "[EXPERIMENTAL] identity token to use for certificate from fulcio")
 		output  = flagset.String("output", "", "write the signature to FILE")
 	)
diff --git a/cmd/cosign/cli/verify.go b/cmd/cosign/cli/verify.go
index 3d1ae67523e..e48175bbb6b 100644
--- a/cmd/cosign/cli/verify.go
+++ b/cmd/cosign/cli/verify.go
@@ -49,7 +49,7 @@ func applyVerifyFlags(cmd *VerifyCommand, flagset *flag.FlagSet) {
 	annotations := annotationsMap{}
 	flagset.StringVar(&cmd.KeyRef, "key", "", "path to the public key file, URL, KMS URI or Kubernetes Secret")
 	flagset.BoolVar(&cmd.Sk, "sk", false, "whether to use a hardware security key")
-	flagset.StringVar(&cmd.Slot, "slot", "", "security key slot to use for generated key (authentication|signature|card-authentication|key-management)")
+	flagset.StringVar(&cmd.Slot, "slot", "", "security key slot to use for generated key (default: signature) (authentication|signature|card-authentication|key-management)")
 	flagset.BoolVar(&cmd.CheckClaims, "check-claims", true, "whether to check the claims found")
 	flagset.StringVar(&cmd.Output, "output", "json", "output the signing image information. Default JSON.")
 
diff --git a/cmd/cosign/cli/verify_blob.go b/cmd/cosign/cli/verify_blob.go
index 0ecd61aa611..9492227cdf1 100644
--- a/cmd/cosign/cli/verify_blob.go
+++ b/cmd/cosign/cli/verify_blob.go
@@ -45,7 +45,7 @@ func VerifyBlob() *ffcli.Command {
 		flagset   = flag.NewFlagSet("cosign verify-blob", flag.ExitOnError)
 		key       = flagset.String("key", "", "path to the public key file, URL, or KMS URI")
 		sk        = flagset.Bool("sk", false, "whether to use a hardware security key")
-		slot      = flagset.String("slot", "", "security key slot to use for generated key (authentication|signature|card-authentication|key-management)")
+		slot      = flagset.String("slot", "", "security key slot to use for generated key (default: signature) (authentication|signature|card-authentication|key-management)")
 		cert      = flagset.String("cert", "", "path to the public certificate")
 		signature = flagset.String("signature", "", "path to the signature")
 	)
diff --git a/pkg/cosign/pivkey/util.go b/pkg/cosign/pivkey/util.go
index 6e5cf26e89e..8a25607e156 100644
--- a/pkg/cosign/pivkey/util.go
+++ b/pkg/cosign/pivkey/util.go
@@ -24,7 +24,7 @@ import (
 func SlotForName(slotName string) *piv.Slot {
 	switch slotName {
 	case "":
-		return &piv.SlotAuthentication
+		return &piv.SlotSignature
 	case "authentication":
 		return &piv.SlotAuthentication
 	case "signature":