by d0ublespeak 1366 days ago
I think this is really cool and a smart way to approach this problem. That being said, the physical isolation of the YubiKey is what makes it useful. Having to physically press a button is the real isolating factor; the interaction is physical and not determined by a piece of software.

Imo that it's not phishable and that there is no secret on the target server is even more useful in practice. And both those properties don't require physical isolation.
To nitpick: s/there is no secret on the target server/the target server never sees the secret/

With proper password storage the target server never keeps the password. Of course that is difficult to verify. With U2F the server can't store a secret they can't see.