A hundred times yes. Passwords should only ever have been allowed locally. When untrusted web sites started to demand passwords for authentication they went down the wrong path already. The industry (including OS and hardware makers) really dropped the ball on this one in the early days with scant support for physical token authentication that people could have gotten used to. Even Yubikey piggybacks on a USB port, when all the energy spent on idiotic fingerprint readers could have been better spent on creating a standardized, dedicated hardware key port.