The point of the hardware token is that the credential never touches the PC. Putting a private key in local storage is no better than a user name and password because it leaves it open to theft. The most common problem that an everyday user faces is either a data breach on the service provider end or a virus / keylogger on their PC. Hardware tokens with certs solve both those problems in terms of account access.