
The solution isn't intended as a measure to resist intrusion; I agree 100% with you that using PKI as a form of two-factor for hardening authentication is a great idea.

It's more of a secondary measure for forensics and incident response purposes when the intrusion resistance measures fail. If your credentials can be hacked for any reason (your key AND your password are compromised, for example), when those credentials are used you have a useful audit trail of when it happened and can possibly even get some early notification. If I hack your laptop and use your valid credentials to log in to a site, even if you log in just to disable the audit logging, there will at least be one entry of that happening somewhere. If the audit collection system supports some early notification, you can potentially change your credentials or notify the service before the hacker does something bad.


