by zaroth 4428 days ago
To be secure, your app would tell the user what code to add. So after I tell you I'm 'zaroth', you say please add 'gHypQwnm' to your about (show a link to https://news.ycombinator.com/user?id=zaroth) and a link 'Verify'.

I add it, submit, click back twice, click verify on your site, and then go back to my HN profile and remove it. It sucks from a user interaction standpoint, but better than asking the user for their HN password!

1 comments

The password I am asking for is completely independent from your HN password. I make note of that in the text underneath the form area but you are not the first person to assume that I'm referring to one's HN password. You are absolutely right though, as a user, I would never give up my HN password to a random 3rd party. Your authentication implementation idea completely sidesteps any ambiguity - I'm going to go ahead and move towards this as soon as I can. Again, thanks for your feedback!
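
The profile-code flow zaroth describes above, sketched as an added example (not code from either poster or from the site being discussed). The class name, the 15-minute lifetime and the username pattern are assumptions; the profile text is passed in so the sketch runs offline, where a real deployment would have the server fetch it from the fixed profile URL.

```python
import re
import secrets
import time

CHALLENGE_TTL = 15 * 60  # seconds a code stays valid (assumed value)
USERNAME_RE = re.compile(r"^[A-Za-z0-9_-]{2,15}$")  # assumed shape of an HN username


class ProfileChallenge:
    """Issue a one-time code per claimed username and look for it in the profile."""

    def __init__(self, clock=time.time):
        self._pending = {}  # username -> (code, expires_at)
        self._clock = clock

    def profile_url(self, username):
        # Build the URL server-side from a validated name; never fetch a
        # URL supplied by the person claiming the account.
        if not USERNAME_RE.match(username):
            raise ValueError("invalid username")
        return "https://news.ycombinator.com/user?id=" + username

    def issue(self, username):
        self.profile_url(username)      # rejects malformed names
        code = secrets.token_hex(8)     # 64 bits from the OS CSPRNG
        self._pending[username] = (code, self._clock() + CHALLENGE_TTL)
        return code

    def verify(self, username, profile_text):
        """profile_text is what the server fetched from profile_url(username)."""
        entry = self._pending.get(username)
        if entry is None:
            return False                # no code was issued for this name
        code, expires_at = entry
        if self._clock() > expires_at:
            del self._pending[username] # stale code, force a fresh one
            return False
        if code in profile_text:
            del self._pending[username] # single use: a second check fails
            return True
        return False                    # not there yet; the user may retry


if __name__ == "__main__":
    pc = ProfileChallenge()
    code = pc.issue("zaroth")
    about = "Constructed sample profile text. " + code
    print(pc.profile_url("zaroth"), pc.verify("zaroth", about))
```

Because the code is bound to the claimed username, expires, and is consumed on success, the user can remove it from the profile right after clicking Verify, as the comment describes.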