Another idea for an alternative password would be a picture based password.  The idea is that the user uploads a bunch of images.  Some might have faces and others might be scenes etc.  The system would then ask the user to select like 5 of the images from the set of images.  The user would then be asked to trace a free form closed region on each of those 5 images.  The system records those regions.  Accompanying the standard password the user would have to draw that region (within some error bound).  This would be useful as a second precaution.  Might be a pain to do though…