It's not just about "convenience", it is hard for the human mind to remember a truly random password. You can try all the mnemonic tricks you want but at the end of the day it requires a lot of time and repetition before entering the password is effortless. So what people do is create a stream of derivable passwords. For example, I can think of a phrase "I love beach balls bouncing on the ocean!" and then make a password "ilBBbotocean!" and when it comes time to change that password, I'll just add a number "ilBBbotocean!1". Studies have shown this is what people do. But it is easy for attackers to also derive these passwords once one password in the chain has been compromised.

The effect of that is that by requiring frequent rotation, the organization is effectively training their users to have a single permanent password and to never change it, even after a compromise. That's extremely harmful. At least with permanent passwords that are force rotated after they show up in database or there has been an incident, you have a much higher percentage of compliance with making new passwords, and the organization is safer because everyone isn't using passwords derived from the previous password.

Most federal orgs still have 60 day password rotation requirements in place, even though NIST gave guidance almost 10 years ago not to do that.

What does that mean? Passwords are stored in textiles accessible by admin only, and shared. And everyone is worse for it.