
It's been tried in various flavors of that. The one I liked the best was OpenID. You designate who you trust to actually log you in, which could even be localhost if you set your redirects right, then provide a URL as your "login." There was a somewhat standardized set of data that could go back and forth, and if a specific site needed more, it could ask for it on its own.

The problem, I think, is that every site wants to own the web, and doesn't want to give up anything, let alone login. Facebook and Twitter and Google all want to be the auth providers to the net, but then you have to trust them in a much more elevated way than you should, and their motives are more around building a profile of you and where you go on the net than being a secure auth provider. If Facebook started supporting U2F (they may, I don't know), Yubikey sales would explode tomorrow and the web may be a safer place, who knows.



Those are all centralized login systems. I'm talking about just making password managers smarter.



