That would be an improvement, but authentication would still be based on a phishable credential vs a cryptographic assertion, and ultimately exploited in the enterprise environment it was designed for.
The enterprise environment would run the more secure version of it, and the prosumer people would run the less secure version. Doesn't mean the secure version is any less secure