Why not in addition to requiring a password... give the user a 255x255 grid (Total 65,000 boxes). Require the user to place 3 symbols on the grid, by clicking, not within the vicinity of any two symbols lining up horizontally, diagonally, or vertically, and not within a certain euclidian distance of any other symbol.
The symbol in a box can be placed in the center, left edge, right edge, bottom edge, top edge, upper-left corner, upper-right corner, lower-right corner, or lower-left corner.
In addition to the password, the placement of the symbols must be remembered (which box, and where in each box, each marker was placed).
The result is an extra ~19 bit field.
Then a heavy work-factor PBKDF2, BCrypt, or SCrypt hash of this 19-bit field could be appended to the password.
Thereby, creating a password augmentation that will be very difficult to brute force