> tried this with hardware only password managers but they were too annoying

And besides that, ultimately if the computer you're using been compromised, whatever you do on that computer can be mucked about with, so while the password sits safely on the hardware, once you're logged in in the browser, the cookie is just sitting there. I guess you'd get furthest isolation with Qubes et al, but with a regular Linux installation you'd still be exposed with a hardware password manager, if the installation been compromised.