[WebAppSec] Sign-in seals against phishing
Thursday, March 13, 2008 at 6:48PM

There's a new sign-in seal on the Yahoo! login page, intended to make phishing attacks less likely.
A sign-in seal is a secret message or photo that Yahoo! will display on this computer only. Look for it every time you sign in to make sure you're on a genuine Yahoo! site. If the message, photo, or colors are different, you may have landed on a phishing site.
There might be other techniques to fight phishing, but it is certainly smart to raise awareness this way. The technology behind it is clever too. A normal browser cookie would disappear from time to time, whenever you (or the browser) clear the cookie cache. So Yahoo! uses so-called Flash Shared Objects, which are essentially Flash cookies. They are available cross-browser, and they normally don't go away, because few people know how to clear them.
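To make the mechanism concrete, here is an added model of how a sign-in seal service can work. It is not Yahoo!'s code, and the storage layer (Flash Shared Object or HTTP cookie) is abstracted into a toy browser that keeps one opaque token per origin. The `SealService`, `Browser`, `set_token_cookie` names and the `example.test` origins are assumptions for the demo. The point it shows: the seal is retrievable only by presenting the device-bound token, never by username alone, so a page on a different origin (which never receives the token) has nothing to show.

```python
"""Minimal model of a sign-in seal: a secret phrase/colour bound to one device
by an opaque token and shown before the user types a password.
Added illustration, not Yahoo!'s implementation."""
import hashlib
import secrets
from dataclasses import dataclass
from typing import Optional

SITE_ORIGIN = "https://login.example.test"  # constructed origin for the demo


@dataclass(frozen=True)
class Seal:
    username: str
    message: str
    color: str


class SealService:
    """Server side. Seals are keyed by a hash of the device token, so a leaked
    seal table does not hand out usable tokens."""

    def __init__(self) -> None:
        self._seals: dict[str, Seal] = {}

    @staticmethod
    def _key(token: str) -> str:
        return hashlib.sha256(token.encode()).hexdigest()

    def enroll(self, username: str, message: str, color: str) -> str:
        """Called once, after a full authenticated login, to bind a seal to
        this device. Returns the token the client must store locally."""
        token = secrets.token_urlsafe(32)  # 256 random bits, unguessable
        self._seals[self._key(token)] = Seal(username, message, color)
        return token

    def seal_for(self, token: Optional[str]) -> Optional[Seal]:
        """Look up by device token only. Deliberately no lookup by username:
        knowing who the victim is must not be enough to fetch their seal."""
        if not token:
            return None
        return self._seals.get(self._key(token))

    def render_login(self, token: Optional[str]) -> dict:
        """What the login page shows above the password field."""
        seal = self.seal_for(token)
        if seal is None:
            return {"seal": None,
                    "notice": "No sign-in seal is set up on this computer."}
        return {"seal": {"message": seal.message, "color": seal.color},
                "notice": None}


def set_token_cookie(token: str) -> str:
    """Attributes a defender would want if the token lives in an HTTP cookie
    instead of a Shared Object: TLS-only, not script-readable, same-site."""
    return (f"seal_token={token}; Secure; HttpOnly; SameSite=Strict; "
            f"Max-Age={10 * 365 * 24 * 3600}; Path=/")


class Browser:
    """Toy client: one token per origin, like a cookie jar or a per-domain
    Shared Object, sent back only to the origin that set it."""

    def __init__(self) -> None:
        self._store: dict[str, str] = {}

    def remember(self, origin: str, token: str) -> None:
        self._store[origin] = token

    def token_for(self, origin: str) -> Optional[str]:
        return self._store.get(origin)


def demo() -> tuple:
    """Enroll on the genuine site, then compare what the genuine login page
    and a look-alike page on another origin can show this browser."""
    service = SealService()
    browser = Browser()
    token = service.enroll("alice", "purple teapot", "#663399")  # constructed
    browser.remember(SITE_ORIGIN, token)

    genuine = service.render_login(browser.token_for(SITE_ORIGIN))
    # A page on another origin never receives the token, so it cannot obtain
    # this user's seal from the service by knowing only the username.
    lookalike_origin = "https://login.example-secure.test"  # constructed
    lookalike = service.render_login(browser.token_for(lookalike_origin))
    return genuine, lookalike


if __name__ == "__main__":
    genuine_page, lookalike_page = demo()
    print("genuine site shows:  ", genuine_page)
    print("look-alike site shows:", lookalike_page)
```

The design choice worth noting is in `seal_for`: the seal is indexed by the device secret rather than by the account, so the check a user performs ("is my seal there?") depends on something the genuine origin alone holds. Persistence of that secret is exactly why a storage that survives cookie clearing, like the Shared Object the post describes, is attractive for this scheme.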
Heiko | 8 Comments

Reader Comments (8)
Bank of America has been using this for several years. They call it a SiteKey. You select a picture from several they have on the site, and enter a phrase that corresponds to the picture. Every time you go to login, it displays the picture and your phrase. If they don't match, don't login.
"New"?! The Yahoo seal has been there for months!
Part of me thinks this is a good idea. The other part of me thinks that 99% of everyday average users will not notice if their personal picture is not displayed if everything else about the page looks like the real Yahoo site.
So it sounds neat but I wonder if you did a study what percentage of people would actually detect they are on a phishing site because of the photo?
How do you clear flash cookies??
Flash shared objects are in my home directory in application data/macromedia/flash player/#sharedobjects, but this might be different on other systems.
I think this is security by obscurity. And it really sucks that the bastardizatious Flash has all their cookies neatly tucked away where no (normal) user can touch them! ( There is an old Firefox plugin to remove them, see http://objection.mozdev.org/ )
Site Keys or Seals are proven weak solutions to robust phishing attacks. There are many ways to circumvent a Site Key; using a proxy man-in-the-middle attack is one. Obviously, SSL is a deterrent from man-in-the-middle. But users have to understand websites, URLs and certificate checking.
At the end of the day, using Site Keys is a nice, visual way to let your customers know you are proactive about security. But it is far from a silver bullet to phishing.
@Hank: "...users have to understand websites, URLs and certificate checking."
Sadly they don't. http://people.seas.harvard.edu/~rachna/papers/why_phishing_works.pdf
Read the paper and you will see that most people are barely willing to spend the time to check the URL of the site they visit let alone the certificate.