If x was a random secret number, there is something that MUST be remembered, why not just add the random number to your own password... the point of the nounce is to:

1.  save time (this means that we can use a much stronger password strengthening function, if we are not doing it every time, this makes searching through passwords much slower for an attacker... but not slow for a regular user that remembers their nonce)

2.  check if the user didn't mistype the password.


We SHOULD provide a option where the user put a 'account name' and 'some random number'  that is mixed into the password. A in a standard way... however these options should be optional.

It is the user's fault if they use an insecure password... like anything we should do the best we can to warn the user that they are being stupid... (eg a weak password)... but shouldn't stop them being stupid.