[curiousyogurt]

Ah, but the way the authentication works, you are not actually giving me a Facebook/Twitter password. You actually log in through their systems, and then they let my website know that you are authorized. I never get the password information.

I use the same system used on http://decafsucks.com/login. The authors suggest (perhaps some bias here) that one of the reasons decafsucks.com has had success is they were able to avoid asking for yet another password, and instead piggy-backed on Facebook/Twitter.

Do you think assuring users that I don't get the password (you can see this when you click on one of the login options) is enough, or should I get to work on a separate authentication system?

[tropin]

Sorry if nobody likes this (by the downvoting) but it's the way things are.

Is exactly the same problem with the authentication in AppEngine applications. We never see the passwords, just Google telling us this person is really this user, but people don't care about the details, we just don't want to share our passwords.

Note that I myself have to use this scheme and even I didn't check your web just because of the authentication problem.

This makes me remember to tell you one more thing: don't ever expect your users to read anything you write on your web.

EDIT: Also, it's a bit silly, but try to put some screen captures to get more conversions, even if it's a text based game.