Every time Safari pops up a "passwords are locked" box in the browser window asking for my login password in order to access saved web site passwords, I think it's a fake popup.
I’m constantly being asked to re-enter my password by Microsoft and Google. They’re training users to type their password into anything. The OneDrive prompts on Win10 might as well be a phishing simulator.
You could trick so many users just by randomly popping up one of these that pretends to be an MS365 login. Users are accustomed to the prompts and will blindly enter their credentials. Then the box will disappear and nothing will happen, just like OneDrive.
Having worked at a place where the AWS console session only lasted an hour, I could've easily been fooled if a fake SSO prompt was placed in front of me. "Oh joy, time to login for the sixth time today."
