Researchers at Stanford University have developed a browser extension that:
transparently converts a user’s password into a domain-specific password. The user can activate this hashing by choosing passwords that start with a special prefix (@@) or by pressing a special password key (F2). PwdHash automatically replaces the contents of these password fields with a one-way hash of the pair (password, domain-name). As a result, the site only sees a domain-specific hash of the password, as opposed to the password itself.
Web Password Hashing
This is aimed at those of us — most of us, perhaps — who use one . . . [more]