Re: We need a browser extension...
@Charles9: If hackers can attack the browser, they can log keystrokes. The solution I propose is not a panacea; the only things it really addresses are removing site-specific limits on passwords and ensuring that sites never see an unhashed password. As a result, they cannot lose an unhashed password, something they currently do routinely. If the hash is salted -- you'd hope this would be a no-brainer -- then anything you lose can only be used on that one site, so it provides some security against password re-use.
This scheme does _not_ protect against other hazards; hackers can, for example, intercept the hashed password and send it to log into that particular site (i.e., you still need HTTPS) and can keylog, shoulder-surf, etc. I don't see any panaceas. You need complex passwords, salted and hashed so they can't be easily deciphered, limits on how many password attempts are allowed in a particular time interval, 2FA, and HTTPS... even though no one or two of these alone are sufficient.
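A sketch of the scheme described in the post above, added here as an illustration and not part of the original post: the extension derives a per-site credential, and the site stores only a salted hash of it and limits attempts. The function names, the use of PBKDF2 and scrypt, the iteration count, and the site domain as salt are assumptions chosen for the example.

```javascript
// Added example (Node.js); all names and parameters are assumptions.
const nodeCrypto = require('node:crypto');

const ITERATIONS = 100000; // constructed work factor, tune for real use

// Extension side: hash the user's password with the site domain as salt.
// Output is always 64 hex chars, so the site's length/charset limits on
// what the user types no longer matter, and the site never sees the input.
function deriveSiteCredential(password, siteDomain) {
  const salt = 'site:' + siteDomain.toLowerCase();
  return nodeCrypto
    .pbkdf2Sync(password.normalize('NFKC'), salt, ITERATIONS, 32, 'sha256')
    .toString('hex');
}

// Site side: the derived value is still a password for THIS site, so the
// site stores a salted hash of it rather than the value itself.
function enroll(credential) {
  const salt = nodeCrypto.randomBytes(16);
  return { salt, hash: nodeCrypto.scryptSync(credential, salt, 32) };
}

// Anyone who presents the derived value passes this check, which is why the
// post says HTTPS is still required to keep it from being intercepted.
function verify(record, credential) {
  const candidate = nodeCrypto.scryptSync(credential, record.salt, 32);
  return nodeCrypto.timingSafeEqual(candidate, record.hash);
}

// Site side: cap login attempts per account within a time window.
function makeAttemptLimiter(maxAttempts, windowMs) {
  const seen = new Map(); // account -> timestamps of recent attempts
  return function allow(account, nowMs) {
    const recent = (seen.get(account) || []).filter((t) => nowMs - t < windowMs);
    const ok = recent.length < maxAttempts;
    if (ok) recent.push(nowMs);
    seen.set(account, recent);
    return ok;
  };
}
```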