You could have people reply to a post somewhere (like in this thread, or one post in this thread). You can make a cronjob that checks every 10-30 seconds, which won't get you banned and is a reasonable time to wait for verification.
Profiles is another option but this requires more traffic and you probably need to authenticate to view profiles (which is not a problem, but there are probably more restrictions on accounts to keep bots out).
It's not even about trusting your website with my HN password, it's about the way it's asked. If people do this, they might do the exact same on any scam website. This kind of behavior shouldn't be encouraged. Even e-mail isn't considered safe to transmit password on, and that's supposed to be private.
Profiles is another option but this requires more traffic and you probably need to authenticate to view profiles (which is not a problem, but there are probably more restrictions on accounts to keep bots out).
It's not even about trusting your website with my HN password, it's about the way it's asked. If people do this, they might do the exact same on any scam website. This kind of behavior shouldn't be encouraged. Even e-mail isn't considered safe to transmit password on, and that's supposed to be private.