You're asking the wrong person: Sites shouldn't do that. But they do, often.
Banks are the worst offenders, but it isn't limited to that. Any site that thinks it is "special" and requires "extra security" targets password managers for reasons unknown.
Banks are the worst offenders, but it isn't limited to that. Any site that thinks it is "special" and requires "extra security" targets password managers for reasons unknown.