This site isn't really intended for high security. It doesn't matter that much since Hackernews login is only for this site and text posts here are not that valuable. If it was expanded in usage it could be disastrous.
The fact that the admins of this site do manual recovery for example is a terrible practice that no serious providers do. In fact the reason i'm 'AnotherGoodName' rather than my old AReallyGoodName is because i suffered account takeover on this site. The last three posts from AReallyGoodName promoting CoinRace are not me. The rest, including posts for my github projects (i still own my Github) are. https://news.ycombinator.com/item?id=16460663#16461236
I do not think for one second that Hackernews is ready to handle sign ins for things that need more security than this site itself.
The fact that the admins of this site do manual recovery for example is a terrible practice that no serious providers do. In fact the reason i'm 'AnotherGoodName' rather than my old AReallyGoodName is because i suffered account takeover on this site. The last three posts from AReallyGoodName promoting CoinRace are not me. The rest, including posts for my github projects (i still own my Github) are. https://news.ycombinator.com/item?id=16460663#16461236
I do not think for one second that Hackernews is ready to handle sign ins for things that need more security than this site itself.