The bookmarklet solution to the password problem
Anyone who makes heavy use of the internet has run into the password problem: dozens of user accounts on sites with varying degrees of trustworthiness, leading to an unmanageable proliferation of username and password combinations. The temptation is to use the same combination on multiple sites, but doing so opens you up to the horrifying prospect of a security flaw in one site compromising all of your other accounts.
I was burnt by this a few years ago: a small community forum on which I was a member was cracked, and my account was then used to log in to another larger forum to which I had administrator access. Thankfully no permanent damage was done, but it taught me a valuable lesson in password security. Since then I’ve maintained a number of different combinations each with a different level of associated trust: if my account on Joe’s random forum is cracked it won’t lead to the compromise of my Amazon account!
There are a couple of minor flaws in the bookmarklet: the master password prompt is in plain text rather than masking your input with asterisks, and the bookmarklet could leave you high and dry if a site changes the domain on which their login form resides without you noticing. The first could be solved by extending the bookmarklet to append a “master password” field to the page using the DOM, while a solution to the second would require some kind of server-side store of the domains at which the initial accounts were created.
Quibbles aside, it’s an ingenious solution to a pervasive problem.
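The first fix suggested above, sketched as an added example (not the original bookmarklet's code): a masked field appended through the DOM in place of the plain-text prompt. The function name and `derive(master, hostname)` are hypothetical; `derive` stands in for the bookmarklet's own derivation routine, which is not shown on this page.

```javascript
// Added example, not the original bookmarklet. `derive(master, hostname)` is a
// hypothetical stand-in for the bookmarklet's own password derivation routine.
function addMasterPasswordField(doc, hostname, derive) {
  const form = doc.createElement('form');
  const label = doc.createElement('label');
  const input = doc.createElement('input');

  // Show the hostname the password will be derived for, so a changed login
  // domain is visible before a wrong password is generated.
  label.textContent = 'Master password for ' + hostname + ': ';
  input.type = 'password';      // the browser masks what is typed
  input.autocomplete = 'off';   // ask the browser not to remember the value
  label.appendChild(input);
  form.appendChild(label);
  form.style.cssText = 'position:fixed;top:0;right:0;z-index:2147483647;' +
    'background:#fff;border:1px solid #000;padding:4px';

  form.addEventListener('submit', function (event) {
    event.preventDefault();     // never post the master password anywhere
    const sitePassword = derive(input.value, hostname);
    input.value = '';           // drop the master password from the DOM
    // Fill the page's own password fields, skipping the injected one.
    const fields = doc.querySelectorAll('input[type="password"]');
    for (let i = 0; i < fields.length; i++) {
      if (fields[i] !== input) fields[i].value = sitePassword;
    }
    form.remove();              // leave no extra field behind
  });

  doc.body.appendChild(form);
  input.focus();
  return form;
}
// In the bookmarklet: addMasterPasswordField(document, location.hostname, derive);
// Caveat: the field lives in the page's DOM, so the page's own scripts can read it.
```

Masking only protects against someone looking at the screen; the field is still part of the page it was injected into.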