Easy solution. Logging in takes two passwords. After you enter your first password (the first 8 chars of your 16-char password), you are presented with an image of a tiger. You now trust the system. (The picture of a tiger was your secret image.) You now enter your second password (the remaining 8 chars of your 16-digit password).
Great, you've now effectively reduced your password complexity to a measly 8 characters, while forcing the user to remember a 16-character long password.
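The reduction described in the reply above can be made concrete. The following Python example is added here and is not from the thread: it models the two-step login as a toy oracle that confirms the first half (the "image appears" step) before asking for the second, computes the worst-case work factor for a monolithic secret versus a split one, and then runs an exhaustive search against the toy oracle to show that the two halves are solved independently, so their costs add instead of multiply. The alphabet (digits), the half-length (3) and the secret are constructed, small values so the search runs in milliseconds; the thread's scheme uses 8-character halves over a full keyboard alphabet, and the same arithmetic applies there. Use it as the "why this design should be rejected" note in a review of any scheme that gives feedback partway through a credential.

```python
import itertools
import math
import string

# Constructed toy parameters (not from the thread): a 10-symbol alphabet and
# 3-symbol halves keep the exhaustive demonstration fast. Real schemes use
# larger values; only the ratio between the two work factors matters.
ALPHABET = string.digits
HALF_LEN = 3
SECRET = "483917"        # constructed 6-symbol secret, split as "483" + "917"


def security_bits(alphabet_size, length):
    """Bits of work for an exhaustive search of one secret of `length` symbols."""
    return length * math.log2(alphabet_size)


def worst_case_guesses(alphabet_size, total_len, confirmed_half=False):
    """Worst-case guesses to recover a total_len-symbol secret.

    confirmed_half=False: the whole secret is checked in one step.
    confirmed_half=True : the server confirms the first half (by showing the
                          secret image) before asking for the second, so each
                          half is searched on its own and the costs add.
    """
    if not confirmed_half:
        return alphabet_size ** total_len
    half = total_len // 2
    return alphabet_size ** half + alphabet_size ** (total_len - half)


class SplitLoginOracle:
    """Toy model of the scheme in the thread: step 1 reveals whether the first
    half matched (the image is shown), step 2 checks the second half."""

    def __init__(self, secret, half_len):
        self._first, self._second = secret[:half_len], secret[half_len:]
        self.queries = 0          # total login attempts the model has seen

    def first_half_ok(self, guess):
        self.queries += 1
        return guess == self._first       # True == "tiger image shown"

    def second_half_ok(self, guess):
        self.queries += 1
        return guess == self._second


def recover_via_split_oracle(oracle, alphabet, half_len):
    """Exhaustive search that uses the image feedback to solve each half
    independently. Returns the recovered secret; oracle.queries records the
    number of attempts spent."""
    parts = []
    for check in (oracle.first_half_ok, oracle.second_half_ok):
        for cand in itertools.product(alphabet, repeat=half_len):
            guess = "".join(cand)
            if check(guess):
                parts.append(guess)
                break
    return "".join(parts)


if __name__ == "__main__":
    n = len(ALPHABET)
    total = 2 * HALF_LEN
    print(f"monolithic {total}-symbol secret: {security_bits(n, total):.1f} bits, "
          f"{worst_case_guesses(n, total):,} guesses worst case")
    print(f"split with image feedback: {security_bits(n, HALF_LEN):.1f} bits per half, "
          f"{worst_case_guesses(n, total, confirmed_half=True):,} guesses worst case")
    oracle = SplitLoginOracle(SECRET, HALF_LEN)
    found = recover_via_split_oracle(oracle, ALPHABET, HALF_LEN)
    print(f"recovered {found!r} after {oracle.queries} attempts")
```

With the toy values the monolithic search is 1,000,000 guesses worst case, while the split scheme is 2,000; the same ratio turns a 16-character password into roughly the strength of a single 8-character one, which is the point the reply makes. A rate limit or lockout counter applied to the first step would narrow the gap but not close it, since the leak is in the protocol design rather than in the implementation.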
If the user selects their 'secret image' from a known pool of images (as would probably be the case if this is at the OS-level), then the attacker just has to select one of those images (preferably a cute one) and then they know that at least some of the users they snag will have that as their security image.
SiteKey is completely susceptible to Man-in-the-middle (unless the user is a scrupulous cookie-manager and refuses to re-authenticate a computer more than once), so adds minimal value over regular SSL.
See SiteKey: http://en.wikipedia.org/wiki/SiteKey