We describe Passpet, a tool that improves both the convenience and security of website logins through a combination of techniques. Password hashing helps users manage multiple accounts by turning a single memorized password into a different password for each account. User-assigned site labels (petnames) help users securely identify sites in the face of determined attempts at impersonation (phishing). Password-strengthening measures defend against dictionary attacks. Customizing the user interface defends against user-interface spoofing attacks. We propose new improvements to these techniques, discuss how they are integrated into a single tool, and compare Passpet to other solutions for managing passwords and preventing phishing. Categories and Subject Descriptors C.2.0 [Computer-Communication Networks]: General—Security and protection; H.3.5 [Information Storage and Retrieval]: Online Information Services— Web-based services; H.4.3 [Information Systems Applications]: Communicati...