Partly this is the price of defense in depth, so that a compromise of one account does not affect other accounts.

Partly it's poor ergonomics: a password manager should fill in the credentials for you, and 2FA could be a one-touch token.

I wonder what industry are you in with such intense security requirements.