Remote site wants keychain access

I was alerted to this by a colleague. When trying to access a feature of the Espacenet Website (remote machine translation), I was presented with the following, which I’ve never seen before. Correct me if I’m wrong, but does this mean that the remote site is asking for direct access to my keychain so it can access a password for that site? If so, isn’t that an enormous security risk?

Screen Shot 2024-05-03 at 5.21.34 PM

Strange. I don’t have any such key in any of my keychains. I suppose you could use Keychain access to see if there’s anything meaningful in the “” key. I did a web search, but didn’t find anything other than other people reporting the same error from other apps (Safari, Skype and others).

Either way, this isn’t a web site trying to access your keychain. This is Firefox wanting access to a specific key.

But this does surprise me, because I didn’t think Firefox uses keychains at all. But maybe you have an add-in that needs access (maybe something for synchronizing Firefox’s passwords with Safari’s?)

Unfortunately, without knowing more, I can’t say why it’s asking. I’d just deny it access. If it keeps on popping up again, reboot - I’ve seen system errors that result in an infinite flood of authorization requests for no good reason and this might just be one of them.

1 Like

Two additional bits of info. The original poster is using the latest version of MacOS with Safari and received the identical message (just substitute Safari for Firefox). Also, I am using Catalina. So, two different versions of the OS, two different browsers, same Website, same message. The only thing I thought my Keychain contained were Website logins and passwords. Also, only happened with this one Website. I’ve never seen such a message before (with Safari or the latest Firefox).

Is there a chance that this pop-up is not a macOS request but is web-generated (i.e. Javascript) pop-up designed to look like a real macOS request? In this case it might be trying to steal a login password. Also the Deny button might not behave as expected.
I would force-quit Firefox (or Safari) and avoid that website.

Don’t think so. Looks legit. Only time I’ve ever seen it and only with this particular Web site (which is a legitimate site - Espacenet patent search site).

1 Like

I have a vague recollection that there is a different level of authentication that could be stored in the keychain. I don’t have time to check right now, but I have a device that monitors all the power usage in my house, and it requires a system-level login as well as a website login.