The greatest issue with this is that a phone + QR reader is not always-on. You have to 1) turn on 2) unlock 3) type phone's password 4) open app 5) then read code. At this point you could already have typed your username+password a dozen times.

Maybe NFC/BTLE could make this feasible?