by level3 3306 days ago
If this protocol got implemented widely, I think there would be some value in creating an alternative app that essentially combines this with a local password database. The app could automatically generate site-specific keypairs, and you would still only need to memorize your master password.

This combination would solve the problem of your master password being disclosed (your opponent still needs to get your database), while retaining the benefit of giving sites only your public key instead of a usable password.

1 comments

The biggest problem here is multi-device support. Right now you can enter the same email + mpw on a different device and it just works. Adding a local secret means you must manually transfer that to any new device.

Seems like a good feature for people with stronger security requirements (e.g., journalists), but not the average user.

The nice thing about the protocol is that the client-side app can actually be replaced. All you need is something that will manage the private key(s) and properly respond to the authentication challenge through the protocol handler.

So the average user can stick with the default app, while anyone who wants more security can opt for a vault-based version. This is similar to the current state of affairs with passwords, where users can opt to use password managers.

The important thing is that sites make the shift to a challenge-based protocol. Once that's done, there are lots of different ways of implementing the client-side app, all with different trade-offs. For example, you could replace the master password with a fingerprint.
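
Added example, not part of the thread and not the protocol's own code: a Go sketch of the scheme the comments describe, with per-site keypairs derived from email + master password, an optional local vault secret, and a signed challenge checked against the public key only. The derivation, the signed message layout and every name here are assumptions, and iterated HMAC stands in for a real password KDF.

```go
package main

import (
	"crypto/ed25519"
	"crypto/hmac"
	"crypto/rand"
	"crypto/sha256"
	"fmt"
)

func mac(key, msg []byte) []byte {
	m := hmac.New(sha256.New, key)
	m.Write(msg)
	return m.Sum(nil)
}

// SiteKey derives a per-site Ed25519 keypair (hypothetical derivation).
// vaultSecret is nil for the default app, or a random value from a local
// database for the vault variant. Iterated HMAC stands in for scrypt/Argon2.
func SiteKey(email, mpw, site string, vaultSecret []byte) (ed25519.PublicKey, ed25519.PrivateKey) {
	k := []byte(email)
	for i := 0; i < 20000; i++ {
		k = mac([]byte(mpw), k)
	}
	k = mac(k, vaultSecret) // mix in the local secret, if any
	priv := ed25519.NewKeyFromSeed(mac(k, []byte(site)))
	return priv.Public().(ed25519.PublicKey), priv
}

// Respond is the client side: the site name is bound into the signed message.
func Respond(priv ed25519.PrivateKey, site string, challenge []byte) []byte {
	return ed25519.Sign(priv, append([]byte(site+"\x00"), challenge...))
}

// Verify is the site side: it holds only the public key stored at signup.
func Verify(pub ed25519.PublicKey, site string, challenge, sig []byte) bool {
	return ed25519.Verify(pub, append([]byte(site+"\x00"), challenge...), sig)
}

func main() { // all values below are constructed samples
	e, p, site := "alice@example.com", "correct horse", "example.org"
	pub, _ := SiteKey(e, p, site, nil)    // signup on the first device
	_, laptop := SiteKey(e, p, site, nil) // second device, nothing transferred
	_, vault := SiteKey(e, p, site, []byte("local-db-secret"))
	challenge := make([]byte, 32) // site side: fresh random nonce per login
	rand.Read(challenge)
	fmt.Println("second device, same email+mpw:", Verify(pub, site, challenge, Respond(laptop, site, challenge)))
	fmt.Println("vault key, different identity:", Verify(pub, site, challenge, Respond(vault, site, challenge)))
}
```

The second device passes with nothing copied over, while the vault-derived key is a separate identity that only exists where the local secret does, which is the multi-device trade-off raised in the thread.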