I've often wondered why the same system is never[0] used more generally for accessing websites where we need to login?
It seems to me that wrapping in a user-friendly GUI; the various terminal commands for creating an SSH key pair and making the public key available 'somewhere' for upload would be a fairly simple task. Likewise with providing a GUI to allow the user to then send that public key to any website that the user wanted to create a login for.
From a security point of view, it would also seem to be a no-brainer. The key uploaded to the website is the public key, so any security breach on that website would only net the hackers a load of public keys which are openly available anyway.
This kind of login would do away with the need to remember any passwords at all [not even a master password for a password manager] and would also seem to mitigate the danger of people using the same password on various sites. It wouldn't matter if someone used the same public key on various sites, as it's not meant to be a secret anyway.
I'm not a security expert. So no doubt I'm missing some really obvious downside here --the only one I can think of is that we'd need a different 'login' for each device you use, which would somehow need to be linked together into the same user account on any website-- but, apart from that I can't see why SSH logins are not more widely used.
So, come on you smart HN-ers. What glaringly obvious gotcha have I overlooked?
[0] The only site I can think of that allows me to login with my SSH public key is Github. And, even then, the setup involves creating the key via terminal and then pasting it into a form. Definitely not something granny could do.