
Aw come on, all you have to do is let your users choose an icon of their favorite animal or sport, save that as an account preference, and show it to them while they enter their password. We don't need better certificate verification!



Yahoo did something very much like that about 5 or 6 years ago: inviting me to upload an image file, then telling me to make sure the image is present every time I log in.

I uploaded an image file; the next time I found myself at Yahoo's login prompt, the image file was there; the time after that, it was absent. It has not re-appeared since.

Just offering a data point: I don't know enough to have an opinion about the technique.


I think he was making a joke. Those pictures do nothing to prevent TLS MITM attacks.


I thought about this for a second, and what it does do is take an "offline" phishing attack and make it an "online" phishing attack that presumably has logs and can be throttled.



