I am forced by external vendors and internal security to use password authentication for SFTP.

I do not have a choice!

This grew out of FTP less than a decade ago. Everyone has always known password auth; it cannot die.

Are you on the same planet as the rest of us?