When you log in with a password server gives you a cookie/token so you stay logged in. It can be invalidated if your IP changes, it expires or something like that. But if you're logged in with 2FA those rules can be relaxed, it's a simple as that if you ask me. Implementation dependent of course.
I don't think those sites show you a captcha before you enter your login and password, but rather on submit. So for that username you don't show them a captcha at all, if they don't have a proper cookie you ask for 2FA.
I don't think those sites show you a captcha before you enter your login and password, but rather on submit. So for that username you don't show them a captcha at all, if they don't have a proper cookie you ask for 2FA.