Christophe-Marie Duquesne
There is a solution to this, user side. You can _easily_ use a different password for each site, without the need to remember them, without storing them. Really. The idea is to hash+salt your password on the client side, on the fly (with a deterministic salt that depends on the site you visit). Instead of entering a password directly in the password field, you can install a bookmarklet/extension that takes your password, processes it through the salt+hash and fills the password input for you. This way you don't have to trust every webmaster of every site you visit, since you send them a different password for a different url. A few extensions/bookmarklets implement this (but don't use the bookmarklets, it is not really secure):
- password hasher
- hash a pass
- supergenpass
Commented Dec 14, 2010 on The Dirty Truth About Web Passwords at Coding Horror
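A sketch of the per-site derivation the comment above describes, added here as an illustration; it is not the commenter's code and not how any of the named extensions work. It assumes the URL's hostname as the deterministic salt and swaps the plain hash for PBKDF2-HMAC-SHA256, so that a site holding one derived password cannot cheaply guess the master password; the function names, the iteration count and the base-62 output are assumptions.

```python
import hashlib
import string
from urllib.parse import urlsplit

ALPHABET = string.ascii_letters + string.digits  # 62 output symbols
ITERATIONS = 200_000  # assumed work factor, tune to your hardware


def site_salt(url: str) -> str:
    """Deterministic per-site salt: the lower-cased hostname of the URL."""
    host = urlsplit(url).hostname
    if not host:
        raise ValueError(f"no hostname in {url!r}")
    return host.lower()


def encode_base62(raw: bytes, length: int) -> str:
    """Turn key bytes into base-62 text by big-integer division (negligible bias)."""
    n = int.from_bytes(raw, "big")
    chars = []
    for _ in range(length):
        n, r = divmod(n, len(ALPHABET))
        chars.append(ALPHABET[r])
    return "".join(chars)


def derive_password(master: str, url: str, length: int = 16,
                    iterations: int = ITERATIONS) -> str:
    """Derive one site's password from the master password; nothing is stored."""
    if not master or not 8 <= length <= 40:
        raise ValueError("need a master password and a length of 8 to 40")
    salt = site_salt(url)
    counter = 0
    while True:
        # The counter gives a deterministic retry when a candidate lacks a character class.
        key = hashlib.pbkdf2_hmac("sha256", master.encode("utf-8"),
                                  f"{salt}#{counter}".encode("utf-8"), iterations, dklen=64)
        pw = encode_base62(key, length)
        if (any(c.islower() for c in pw) and any(c.isupper() for c in pw)
                and any(c.isdigit() for c in pw)):
            return pw
        counter += 1


if __name__ == "__main__":
    for url in ("https://example.com/login", "https://example.org/login"):  # constructed URLs
        print(url, derive_password("constructed master passphrase", url))
```

Because the salt is the full hostname, `login.example.com` and `www.example.com` produce different passwords, so the derivation has to run against the same host that was used at sign-up.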