by gnunez 2051 days ago
Why are we still forced to use passwords? Client certificates stand up to every attack in that table.

You need a way to sync them on multiple computers, use them as a guest (e.g. when you've borrowed a machine temporarily), do recovery flows, manage their regeneration and rotation, generate unique certs per site; basically, all the management hurts. As a web site, you also have to teach everyone in the world how they work, and who wants to be the first to do that?

One day WebAuthn might be usable for all the things. I want that to come soon but it is not here yet.