This section is about the technology and security. For generic questions please refer to
Tour, FAQ, Why Mashed Life, Discussion Forum and Belorussian translation

Here you can see *How Mashed Life works, and *Why it better protects you?


Translations: Croatian
How it works?

When you navigate to a site's login page, click on Mashed Life's bookmark from the browser. From your browser, the Mashed Life bookmark sends the login page and a big random number with the request as the key to further encrypt the communication on top of SSL.

The bookmark is actually a "bookmarklet", a small piece of Javascript code that performs the bookmark login action for you.

Because the bookmarklet code knows which site you are at when you click on the login bookmark, you need only one Mashed Life login bookmark to log in to all sites.
Mashed Life authenticates the request, verifies the requesting user is logged into his/her Mashed Life account, then retrieves the account stored in Mashed Lifefor the service site (eg. Digg.com), encrypts it and sends it back via the secure HTTPS session.
Mashed Life bookmarklet decodes encrypted information inside your browser, fills in your account login information, and logs you in. All this happens with just one click without the user to type in the username/password.

Mashed Life is not a proxy. It is just filling out the login form to help the user log in, then transfers the control back to the user's browser to communicate with the target site directly. No communication goes through Mashed Life after you are logged in to the target site (eg. Digg.com).



Why Mashed Life Better Protects You?
    You can stop storing passwords in the browser's password manager now -

    Browser password managers are not only non-portable across computers, but it is also a major security risk.

    It is demostrated by this open-source tool that programatically extracts passwords from your IE and Firefox password managers.

    Still don't think so? See reviews by other security experts:


    Stop using the same password for all sites -

    Now you can finally use long, complex, different passwords for each site and no longer need to worry about forgetting them.

    Mashed Life Secure Key is immune from key loggers

    Mashed Life supports Secure Key for strong authentication. And the login is immune from key logger attacks in this way:

    We ask & verify Secure Key's OTP (one-time password) first, we don't ask the user to type in PIN + OTP at once to avoid key loggers stealing the user's OTP + PIN altogether to use them for account takeover before the user's OTP validation request reaches the validation server.


    • If the key logger steals the OTP and uses it first on Mashed Life, the user's OTP validation will get a REPLAY error. Then the user will not be prompted to enter the PIN, so the PIN will not be stolen.


    • If the key logger steals the OTP, waits for the user to enter the PIN to steal them both, the stolen OTP will get a REPLAY error since the OTP will already be consumed by the user at that time.


    • After logging in to Mashed Life....

      Mashed Life's login methods fill the user login form without touching the keyboard buffer. So any key logger trying to sniff the keyboard buffer or keystroke events will get nothing.

    So you can use a public PC to log in to Mashed Life and to accounts stored in it safely immune from key loggers.

    The PC you need to protect well is the one you do data entry of your account information.

    Remote logout

    I forgot to log out from a public PC? What should I do?

    If you have a auto-logout timer set for your Mashed Life account, it will log you out automatically then.

    Or, when you log in to Mashed Life, from the header bar it will show other concurrent sessions logged in to your Mashed Life account. And you can log out those sessions remotely. We don't do that automatically for you since sometimes you may have multiple browsers open on multiple PCs for convenience. We provide the power and options and leave the decision to you.

    Audit login history

    You can audit the login history to your Mashed Life account:



    For each account saved in Mashed Life, you can audit the login history, identify each login request's IP address and locate it on a map: