This is cute: PwdHash is a browser extension that replaces text entered into a password field with a hash of the password + the domain name of the website. That lets you use a single password for different sites without revealing, say, your PayPal password to your bank and vice versa. As the creators point out, this is also pretty good protection against phishing scams (a phishing site collects the wrong password, because its domain is different). It’s still vulnerable to pharming and other attacks that poison your DNS or web cache results, but their paper goes into all sorts of clever attacks that they do try to defend against, like JavaScript and dictionary attacks.
(by way of the Mercury News)
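
The scheme described above, as an added sketch that is not PwdHash's own code: it assumes HMAC-SHA256 keyed with the master password and a truncated base64 output, and the master password and `.example` domains are constructed. It shows why a look-alike domain collects a useless value while a pharmed page, which the browser sees under the real domain, still collects the working password.

```python
import base64
import hashlib
import hmac

# Constructed sample values for illustration only.
MASTER = "correct horse battery staple"
REAL = "paypal.example"
BANK = "bank.example"
LOOKALIKE = "paypa1.example"


def site_password(master: str, domain: str, length: int = 16) -> str:
    """Derive the per-site password sent in place of the typed one.

    Assumption: HMAC-SHA256 keyed with the master password over the
    lower-cased domain. The page only says "a hash of the password +
    domain name", so the exact construction here is illustrative.
    """
    mac = hmac.new(master.encode("utf-8"),
                   domain.lower().encode("utf-8"),
                   hashlib.sha256)
    return base64.urlsafe_b64encode(mac.digest()).decode("ascii")[:length]


def captured_value_works(registered: str, master: str, domain_seen: str) -> bool:
    """True if the value submitted on `domain_seen` equals the password
    registered with the real site, i.e. whoever collects it can reuse it."""
    submitted = site_password(master, domain_seen)
    return hmac.compare_digest(submitted, registered)


def scenarios() -> dict:
    registered = site_password(MASTER, REAL)
    return {
        # One master password, unrelated passwords at each site.
        "bank sees a different password than PayPal":
            site_password(MASTER, BANK) != registered,
        # Phishing: the address bar shows the look-alike domain, so the
        # hash is computed over the wrong domain.
        "phishing page collects a working password":
            captured_value_works(registered, MASTER, LOOKALIKE),
        # Pharming: DNS is poisoned, the browser still believes it is on
        # the real domain, so the real site password is produced.
        "pharmed page collects a working password":
            captured_value_works(registered, MASTER, REAL),
    }


if __name__ == "__main__":
    for claim, result in scenarios().items():
        print(f"{claim}: {result}")
```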