In password security, the longer the better. With a password manager, using more than 24 characters is simple. Unless, of course, the secure password is not accepted due to its length. (In this case, through STOVE.)
Possibly indicating cleartext storage of a limited field (which is an absolute no-go), or suboptimal or lacking security practices.
I’ve had banks do it in the past. It’s not that they can “detect” the password manager, they just use a method that’s incompatible with them.
They have a fake input field and capture keypress events via JavaScript directly from the dom, then just make it look like you typed in to the input field. They don’t read the password from the input field, they build it up in memory from those key press events.
It also completely breaks accessibility software, which is the main reason I think the industry moved away from doing it for the most part.