How it works?
When you navigate to a site's login page, click on Mashed Life's bookmark
from the browser. From your browser, the Mashed Life bookmark sends the
login page and a big random number with the request as the key to further
encrypt the communication on top of SSL.
The bookmark is actually a
that performs the bookmark login action for you.
Because the bookmarklet
code knows which site you are at when you click on the login bookmark, you
need only one Mashed Life login bookmark to log in to all sites.
Mashed Life authenticates the request, verifies the requesting user is logged
into his/her Mashed Life account, then retrieves the account stored in Mashed Lifefor the service site (eg. Digg.com), encrypts it and sends it back via the
secure HTTPS session.
Mashed Life bookmarklet decodes encrypted information inside your browser,
fills in your account login information, and logs you in.
All this happens with just one click without the user to type in the
Mashed Life is not a proxy. It is just filling out the login form to help the user log in,
then transfers the control back to the user's browser to communicate with the target site
directly. No communication goes through Mashed Life after you are logged in to the target site (eg. Digg.com).
Why Mashed Life Better Protects You?
You can stop storing passwords in the browser's password manager now -
Browser password managers are not only non-portable across computers, but it
is also a major security risk.
It is demostrated by this open-source tool
that programatically extracts passwords from your
IE and Firefox password managers.
Still don't think so? See reviews by other security experts:
Stop using the same password for all sites -
Now you can finally use long, complex, different passwords for each site and no
longer need to worry about forgetting them.
|Mashed Life Secure Key is
immune from key loggers
Mashed Life supports Secure Key for strong authentication.
And the login is immune from key logger attacks in this way:
We ask & verify Secure Key's OTP (one-time password) first, we don't ask the user to type in
PIN + OTP at once to avoid key loggers stealing the user's OTP + PIN altogether to use them
for account takeover before the user's OTP validation request reaches the validation server.
So you can use a public PC to log in to Mashed Life and to accounts stored in it safely
immune from key loggers.
- If the key logger steals the OTP and uses it first on Mashed Life, the user's OTP validation
will get a REPLAY error. Then the user will not be prompted to enter the PIN, so the PIN will
not be stolen.
- If the key logger steals the OTP, waits for the user to enter the PIN to steal them both,
the stolen OTP will get a REPLAY error
since the OTP will already be consumed by the user at that time.
- After logging in to Mashed Life....
Mashed Life's login methods fill the user login form without touching the keyboard buffer.
So any key logger trying to sniff the keyboard buffer or keystroke events will get nothing.
The PC you need to protect well is the one you do data entry of your account information.
I forgot to log out from a public PC? What should I do?
If you have a auto-logout timer set for your Mashed Life account, it will log you out automatically then.
Or, when you log in to Mashed Life, from the header bar it will show other concurrent
sessions logged in to your Mashed Life account. And you can log out those sessions remotely.
We don't do that automatically for you since sometimes you may have multiple browsers open on
multiple PCs for convenience. We provide the power and options and leave the decision to you.
Audit login history
You can audit the login history to your Mashed Life account:
For each account saved in Mashed Life, you can audit the login history,
identify each login request's IP address and locate it on a map: