I haven't yet decided how I feel about this vs a full password manager (with unique passwords per site), but do kind of like the idea there's no account/vault: literally the entire usage is via a single password.<p>I have a suggestion to greatly increase usability:<p>Right now, as the owner points out, this relies on using a password starting with @@ to trigger this mechanism (which is a usability issue), and relying on the user entering their passwords into the web page (which is a phishing danger).<p>Given this already requires a browser extension, move the password to a UI within the extension, and instruct the user not to ever enter their password anywhere else (on why page directly). Use a button in the browser extension to trigger filling in the site-specific password. This avoids phishing the main password, avoids the @@-prefix requirement, and the extension could now also cache the password for some amount of time so the user doesn't need to re-enter it.<p>Interesting idea/project nonetheless.<p>Edit: oops, just noticed this is from 2009. I noticed lack of Chrome but not the ancient browser versions! Did this go anywhere?