that... doesn't look very secure at all...
just build your own version... let them save something on their computer, and have a way to read it from their computer and display it back to them from your server...
don't put it in a cookie though or it'll break security.
basically, this is how it works afaik:
- you create an image on your computer
- you tell their servers where to find that image on your computer
- when you go to log in, their servers grab that image off your computer and show it to you
it's working kinda like an AIM profile message... if you change computers, your profile changes because it's saved locally on your computer and not their central servers. a phishing site wouldn't know where to find the file you told yahoo to find, so they couldn't spoof the site as easily.
this is to try to prevent phishing... which is when somebody kites you to a fake site and steals your information... it doesn't prevent people from stealing passwords from their servers.
<rant> IMO, if you're dumb enough to get your password stolen like that, you deserved it... there are too many dumb people in america, and it's because we let them get away with it... for example LD50... why? if you drink that much poison to where you need to know what the LD50 is, you need to die anyway... and the people that even know what LD50 is aren't stupid enough to drink the stuff in the first place... sooo many dead animals... for what? </rant>