We're turning off Clickpass March 15. How to keep your HN account.
(1) put your email address in your profile (no one can see it except you and us), then
(2) change your password by going to http://news.ycombinator.com/changepw.
(1) put your email address in your profile (no one can see it except you and us), then
(2) change your password by going to http://news.ycombinator.com/changepw.
[+] [-] KevinMS|14 years ago|reply
I spent a day implementing openID for the users of my website, because I realized, hey, what a cool idea, a URL can represent a single user on the internet, and that user can authenticate against it universally.
The sad truth was that I could not expect a single one of my users to even understand what the hell was going on, because for most test openID accounts I set up on yahoo, etc, I couldn't figure out how to use them. Only the hand-holdy sites exclusively for openid even bothered to tell me what my personal URL was and how to use it.
That was when I realized that Clickpass only exists because the implementation of OpenID was a total pooch screw.
If the OpenID standard had required it be simple, like the URL must follow this template - google.com/openid/kevinms and yahoo.com/openid/kevinms, and the user just pasted this into the box, I think it might have been a success. But because they didn't, and they convoluted it more with the concept of your "unique identity on the internet", you need third party services, which are unnecessary layers that are completely confusing to the user.
[+] [-] justjohn|14 years ago|reply
That way I don't have to remember another identifier and we already trust at least part of our identity to our email provider. Not perhaps as open, but much more approachable as a user.
[+] [-] ww520|14 years ago|reply
[+] [-] Poiesis|14 years ago|reply
Offtopic, but I used to think that too until a coworker I'd never met emailed me using that address, warning me that apparently the proxy had cached my view of my profile page and he was able to view it. Has this been fixed yet?
[+] [-] ComputerGuru|14 years ago|reply
Whatever you do, there will always be a non-trivial number of ISPs and company networks that have misconfigured proxies that overzealously cache sensitive data and display to everyone with not a care in the world.
[+] [-] biot|14 years ago|reply
Your system is setup to ask your corporate proxy to fetch unencrypted pages for you. That proxy may be configured to make a physical printout on your boss's printer of every page you request and there's nothing YC can do about that beyond offering https://news.ycombinator.com/ for you to use. That, too, may not be sufficient if your company has its own trusted SSL cert installed which is used to proxy and intercept everything so that all your internet activity can be decrypted.
[+] [-] immad|14 years ago|reply
I wrote the HN code in about 2 days and I was learning lisp/arc so it was awful code (RTM did the openID part) and literally no one has touched Clickpass code for 2.5 years. The fact that it still works is always surprising to me :).
Also I think Oauth beat OpenID hands down.
[+] [-] dshah|14 years ago|reply
And yes, OAuth did beat OpenID, but they're not really the same kind of thing.
[+] [-] petenixey|14 years ago|reply
[+] [-] petenixey|14 years ago|reply
OAuth has definitely trumped OpenID as a protocol but turning off Clickpass shouldn't be seen as a reflection on either protocol and is simply removing a dependency on unsupported and remotely hosted code.
Immad did an incredible job of writing code that has run and run however since acquisition there is minimal and subsequently no support behind the codebase.
I would like to thank both PG and the users of Clickpass here who have been such ardent supporters of it over the years. We tried hard to make it attractive to developers and we received a lot of support for that - thank you.
[+] [-] candeira|14 years ago|reply
[+] [-] manuscreationis|14 years ago|reply
[+] [-] spicyj|14 years ago|reply
[+] [-] alt_|14 years ago|reply
[+] [-] dragonFury|14 years ago|reply
[deleted]
[+] [-] dazbradbury|14 years ago|reply
Clearly people are using it (given this message), and as many of us are web developers, the thought process behind this decision would be potentially very interesting.
Do you plan to move to a different system (FB Connect/Twitter/Google Identity Toolkit), or are you happy with a standard username/password model?
Are too many people joining HN and you simply want to add some friction to the process?!
Also, clickpass will need to update their site:
http://www.clickpass.com/docs/where-you-can-use-clickpass
[+] [-] rb2k_|14 years ago|reply
Putting your email address in your profile is important. I once used to be "rb2k", but then I forgot the password I used back then and ended up as "rb2k_". There is no way to reset the password on an account if you're not adding an email :(
[+] [-] StavrosK|14 years ago|reply
[+] [-] latchkey|14 years ago|reply
[+] [-] dotBen|14 years ago|reply
Sad, I think HN was one of my last consumers of my OpenID account.
[+] [-] sp332|14 years ago|reply
What's funny to me is how many sites rushed to be OpenID providers, but there were not very many consumers. I tried counting once but I lost count at 15 OpenID accounts that I have from various sites. So much for single sign-on.
[+] [-] pnathan|14 years ago|reply
[+] [-] rickette|14 years ago|reply
[+] [-] jzila|14 years ago|reply
(just FYI, until this decision, HN had the most seamless signup procedure I've ever encountered on a website)
[+] [-] DiabloD3|14 years ago|reply
[+] [-] sciurus|14 years ago|reply
http://techcrunch.com/2008/03/11/clickpass-could-change-the-...
[+] [-] swapsmagic|14 years ago|reply
[+] [-] mbq|14 years ago|reply
[+] [-] drivebyacct2|14 years ago|reply
Huh?
[+] [-] MichaelApproved|14 years ago|reply
[+] [-] ars|14 years ago|reply
[+] [-] Splines|14 years ago|reply
[+] [-] wickedchicken|14 years ago|reply
[+] [-] vessenes|14 years ago|reply
[+] [-] eslaught|14 years ago|reply
[+] [-] wizard_2|14 years ago|reply