> There's no reason that using a password/key can't be just as detectable as using a credit card.
That's not my point. The status quo is that people get alerted if something uses their credit card inadvertently and don't have similar alerts for uses of their password other than in a handful of situations like Gmail logins.
It's definitely not impossible for people to keep tabs on their logins, but this isn't how the Average Joe operates.
Switching to a hardware based login system and getting centralized alerts when that login is used is likely going to be the default, not some pipe dream.
Plus, there's also the obvious solution for potentially stolen and misused keys .. just add a PIN.
There's no reason that using a password/key can't be just as detectable as using a credit card.
Also trying to trace logins application side is rather foolish IMHO, this should always be done at the authority that is granting the authorization.