I found a "b2clogin" password on my iPhone

Can you see the URL associated with saved password? Usually it's represented in this manner:

https://<tenantName>.b2clogin.com/<tenantName>.onmicrosoft.com/b2c_1_<policyName>/

What ever is in place of <tenantName> is the company using Azure AD (Microsoft windows login system) to extend their company's windows authentication system to their customers. It a common pattern in modern applications, doesn't harm your phone.

@RamjaaneM possible. I do software development for a company that provides services to their customers. They use Microsoft Azure Ative Directory to authenticate internally. I use the b2clogin API to extend the companies login system. This is standard practice compared to the past where customers had a separate login system to staff. Hope that helps. It's not a security problem.

Some services (apps?) that use Microsoft Azure cloud service architecture, use the b2clogin domain for their business-to-consumer logins (authentication).

2 examples that use this are:

• Presto Cards (Toronto Transit System) - prestocardprodb2c.b2clogin.com
• Scene + (movie points) - sceneplusb2c.b2clogin.com

I've had trouble because apple won't allow the same username (email) with 2 different passwords at the same URL... so I can't find a way to store this in apple passwords for now without using the same password for 2 sites.

I think it has to do with scene plus that’s the only one I installed today and I too have b2clogin.

No, that login credential is not spyware. However, it is part of something else, and I do not know which one, or how to find out.

It is like some company uses a warehouse service. Then you get a notification from that warehouse. Unless they tell you, you would have no idea which company uses services from that warehouse. It can be almost any company.