Technically, a smartcard is both something you have (the card) and something you know (the PIN). Even if there were no PIN, smartcards are better than passwords:
1. The public key stored by the server cannot be used for authentication. That means that hacking a server will not give the attacker access to anything beyond that server.
2. More randomness; there are no dictionary attacks on secret keys, and brute force attacks are hard to mount.
3. Defense against phishing: the attacker cannot trick you into giving your secret key, because the card does not export secret keys.
All of the above address the biggest problems we have with passwords right now. You are not likely to be tortured for your card or your PIN, just like you are not likely to be tortured for your password. Sure, smartcards come with their own set of problems, like dealing with lost/stolen/destroyed cards; yet these are not terribly hard to solve (banks are able to deal with lost/stolen/destroyed credit cards). The benefits far outweigh the cost.
1. The public key stored by the server cannot be used for authentication. That means that hacking a server will not give the attacker access to anything beyond that server.
2. More randomness; there are no dictionary attacks on secret keys, and brute force attacks are hard to mount.
3. Defense against phishing: the attacker cannot trick you into giving your secret key, because the card does not export secret keys.
All of the above address the biggest problems we have with passwords right now. You are not likely to be tortured for your card or your PIN, just like you are not likely to be tortured for your password. Sure, smartcards come with their own set of problems, like dealing with lost/stolen/destroyed cards; yet these are not terribly hard to solve (banks are able to deal with lost/stolen/destroyed credit cards). The benefits far outweigh the cost.