Systems and methods for protection against theft of user credentials

The invention claimed is: 1. A computer system comprising: a memory; and at least one processor coupled to the memory and configured to: receive a sequence of characters within a field of a web browser, the field being associated with a password entry field served to the web browser from a website; store the received sequence of characters and send an alternate sequence of characters to the web site; encrypt the received sequence of characters to generate a received encrypted partial password; compare the received encrypted partial password to one or more entries in a list of encrypted partial passwords; and in response to the comparison resulting in a difference, delete the previously sent alternate sequence of characters, and provide a password comprising the stored sequence of characters to the web site. 2. The computer system of claim 1 , wherein the at least one processor is further configured to send a sequence of backspace characters to the website to delete the previously sent alternate sequence of characters. 3. The computer system of claim 1 , wherein the alternate characters are sent to cause a cursor advance associated with each received character. 4. The computer system of claim 1 , wherein the at least one processor is further configured to perform a security action in response to the comparison resulting in a match. 5. The computer system of claim 1 , wherein the at least one processor is further configured to detect passwords provided to visited websites over a selected period of time and encrypt the detected passwords to generate the list of encrypted partial passwords. 6. The computer system of claim 1 , wherein the at least one processor is further configured to identify a uniform resource locator (URL) associated with the website; determine an absence of the URL from a history of visited URLs for which a password has been entered; and recognize the URL as a URL for which protection is to be provided based on the determination. 7. The computer system of claim 1 , wherein the at least one processor is further configured to identify a URL associated with the website; receive a list of suspect URLs generated by a URL reputation manager; match the URL to an entry in the list; and recognize the URL as a URL for which protection is to be provided based on the match. 8. A computer system comprising: a memory; and at least one processor coupled to the memory and configured to: detect login elements served to a web browser from a website, the login elements including a password entry field; generate an overlay of the login elements; receive a sequence of characters within a password entry field of the overlay; encrypt the received sequence of characters to generate a received encrypted partial password; compare the received encrypted partial password to one or more entries in a list of encrypted partial passwords; and in response to the comparison resulting in a difference, provide a password comprising the received sequence of characters to the password entry field of the login elements served from the website. 9. The computer system of claim 8 , wherein the at least one processor is further configured to perform a security action in response to the comparison resulting in a match. 10. The computer system of claim 8 , wherein the overlay mimics the login elements served from the website. 11. The computer system of claim 8 , wherein the at least one processor is further configured to detect passwords provided to visited websites over a selected period of time and encrypt the detected passwords to generate the list of encrypted partial passwords. 12. The computer system of claim 8 , wherein the at least one processor is further configured to identify a uniform resource locator (URL) associated with the website; determine an absence of the URL from a history of visited URLs for which a password has been entered; and recognize the URL as a URL for which protection is to be provided based on the determination. 13. The computer system of claim 8 , wherein the at least one processor is further configured to identify a URL associated with the website; receive a list of suspect URLs generated by a URL reputation manager; match the URL to an entry in the list; and recognize the URL as a URL for which protection is to be provided based on the match. 14. A computer system comprising: a memory; a user interface; and at least one processor coupled to the memory and configured to: receive a message from a remote web browser, the message indicating a change of input focus to a password entry field served to the remote web browser from a website; receive a sequence of characters from the user interface; store the received sequence of characters and send an alternate sequence of characters to the remote browser; encrypt the received sequence of characters to generate a received encrypted partial password; compare the received encrypted partial password to one or more entries in a list of encrypted partial passwords; and in response to the comparison resulting in a difference, provide a password comprising the stored sequence of characters to the remote browser. 15. The computer system of claim 14 , wherein the at least one processor is further configured to send a sequence of backspace characters to the website to delete the previously sent alternate sequence of characters, in response to the comparison resulting in a difference. 16. The computer system of claim 14 , wherein the alternate characters are sent to cause a cursor advance associated with each received character. 17. The computer system of claim 14 , wherein the at least one processor is further configured to perform a security action in response to the comparison resulting in a match. 18. The computer system of claim 14 , wherein the at least one processor is further configured to detect passwords provided to visited websites over a selected period of time and encrypt the detected passwords to generate the list of encrypted partial passwords. 19. The computer system of claim 14 , wherein the at least one processor is further configured to identify a uniform resource locator (URL) associated with the website; determine an absence of the URL from a history of visited URLs for which a password has been entered; and recognize the URL as a URL for which protection is to be provided based on the determination. 20. The computer system of claim 14 , wherein the at least one processor is further configured to identify a URL associated with the website; receive a list of suspect URLs generated by a URL reputation manager; match the URL to an entry in the list; and recognize the URL as a URL for which protection is to be provided based on the match.