It wasn’t just me. The folks at Wired have noticed that some web sites are not really very password manager friendly.
I travel fairly often. Lots of that travel is for work but I do get around on personal business and to get away. One of my go to sites for travel is Hilton dot com. I’ve been a Hilton customer for a long time. I like their hotels. I think they treat me well where ever I go. This isn’t an advertisement for Hilton; your mileage (and accommodations) may vary.
When you sign in at the Hilton site you typically see a prompt for a user name and password along with a check box for ‘remember me’; where the site drops a site cookie to your browser. This window also has ‘forgot your sign in’ and ‘register for site’ dialogues.
The annoying thing is that Hilton has added a check to see if you are a robot. It seems like if the cookie isn’t found in your browser, the site will add a robot test to see if the session has a user attached. I found the test usually involves matching text to pictures. The annoying thing about the test is that if you often clear cookies (like many security researchers and I do) you’ll run into this robot check more often than the general public (many of whom unknowingly tolerate cookies).
If I use my password manager this test comes up after that software has filled in the username and password fields and submits that data; so my login fails. Once that fail happens I have to complete the form and the robot test manually and then submit.
It is mildly annoying but I’m still spending lots of time at Hilton properties.