Hacker News
by tjoff 5023 days ago
The reason it isn't widespread is that you also have to spread it across all your devices, which is neither secure nor usable enough for the mainstream today.

Unless that is solved it isn't a solution worth considering.

2 comments

Not worth considering as a 'fits all' solution, yes, but it still is worth considering for specialized cases; in general, those cases where the added inconvenience is worth the added security. For example, some banks use effectively this for logging in to your online account. And that can be made to work with any device with a display and a keyboard:

  - computer shows challenge#

  - user types challenge# on bank supplied device

  - bank supplied device shows response

  - user types response on computer
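
The four steps in the comment above, sketched as an added example that is not part of the original thread. The comment does not say what the bank-supplied device computes; this sketch assumes HMAC-SHA256 over a per-device shared key, truncated to 8 digits, and the names `Bank` and `respond` are hypothetical.

```python
import hashlib
import hmac
import secrets

DIGITS = 8  # assumed code length, short enough to type by hand


def respond(device_key: bytes, challenge: str) -> str:
    """Device side: turn the typed challenge into the response it displays."""
    mac = hmac.new(device_key, challenge.encode(), hashlib.sha256).digest()
    return str(int.from_bytes(mac[:8], "big") % 10**DIGITS).zfill(DIGITS)


class Bank:
    """Server side: issues one-time challenges and checks responses."""

    def __init__(self):
        self.keys = {}     # user -> key provisioned into that user's device
        self.pending = {}  # user -> the single outstanding challenge

    def enroll(self, user: str) -> bytes:
        key = secrets.token_bytes(32)
        self.keys[user] = key
        return key  # in practice this is loaded into the device before issue

    def issue_challenge(self, user: str) -> str:
        challenge = f"{secrets.randbelow(10**DIGITS):0{DIGITS}d}"
        self.pending[user] = challenge
        return challenge

    def verify(self, user: str, response: str) -> bool:
        # pop() makes the challenge single use, so a captured response
        # cannot be replayed and a wrong guess cannot be retried.
        challenge = self.pending.pop(user, None)
        if challenge is None:
            return False
        expected = respond(self.keys[user], challenge)
        return hmac.compare_digest(expected, response)


def demo():
    bank = Bank()
    device_key = bank.enroll("alice")           # constructed sample user
    challenge = bank.issue_challenge("alice")   # computer shows challenge
    response = respond(device_key, challenge)   # device shows response
    first = bank.verify("alice", response)      # user types response
    replay = bank.verify("alice", response)     # same response sent again
    return first, replay


if __name__ == "__main__":
    print(demo())
```

The key never leaves the device or the bank, which is why the login works from any computer with a display and a keyboard.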
Blizzard uses a challenge-response system called SRP for Battle.net. That's fairly mainstream.

You have to enter your password into all your devices anyway, so why not use challenge and response?