The reason: 2-factor security code is on your phone, but how can you look at it with VR headset on?
It's very akward to stare every time between phone and headset you just pulled off your head to watch phone code. You cannot look at phone while in VR. Desktop users have no problems, but VR users cannot do it fast, because there is also timer on code. For some people, it's even more work to put on properly headset on the head.
So i am thinking login FIRST in vrchat.com site, verify it with 2-factor code. This should lock your login automatically for next login, so you don't need login again in VRChat, because the ip address or session is registered.
This may also special timed login, so you have like 1 hour time to login VRChat before it's invalid.
It's even bad idea to log off btw in VRChat - because you need login and do 2-factor security step again. If you're in streaming while kicked off by server error or hacked client, you dont want let others see what you type there in login.... and yes, again put off your headset to look on phone.
This is why VR + 2 factor security login combination is not great, more stupid in use. There should better and easier solutions to login with VR without need grab your phone because the 2-factor code step. Login on website is simple solution to make it easier.
Another idea is special app on your phone to give login permission with click. For example Blizzard / Battle.net has this way to authorize the login by click and you don't need enter code.