In a recent side-project ( nightchamber.com ) I experimented with the idea of something like a "God Login". A user account is automatically generated on first visit and keyed against a uuid, the id is then stuffed into the session, and used to make a link the user can bookmark to get back to their "account".
As long as that link/id remains secret, the user has a unique account to use with no effort on their part.
I'm still not sure this is a good idea, but it seems to work for nightchamber, where the account doesn't actually have much value, and there is no valuable information an attacker could gain by "compromising" the account.
Have you considered being able to convert between an automatically-generated link/id user, and a username/password user? That way someone could potentially make a more "permanent/secure" account from the easy one. This might require removing a generated account if someone logs into an existing account from a new browser though.
I'm pretty sure at some point we'll have features which are worth protecting and at that time we'll need to offer an opt-in stronger method of account security.
EDIT: for some reason I can't reply to FreezerburnV's comment below, so I'll answer here: yes, I would be interested in talking further about this, drop me an email (in my profile)
Out of curiosity: Are you looking for any casual code contributors? The main ideas behind the site (automatic anonymous account, "slow" web kind of thing where you only see updates once a day, possibly seeing some interesting thought-provoking stuff each day) are actually pretty interesting, and I think I'd enjoy helping out with what you're working on. I have a job and my own side project(s), so I can't say I'd be really in the nitty-gritty of the project all the time, but maybe I could help out here and there.
I would understand completely if you don't want a random stranger on HN touching/seeing your code though :)
I don't see an email in your profile (by clicking on your username attached to the post). I just see submissions/comments. I can send an email to the one listed on the nightchamber about page, or you can check my profile where I just added an email address that I can be reached at. I should have put a contact email in my profile a while ago, my apologies for only having done so now.
I also have been experimenting with "hard to guess" links as the id.
I also am not sure it is a good idea, but one of the by products of this design choice is I had to think harder about what markets I target (I am ruled out of any where the data needs to be protected), how to detect and protect the data of the users in the face of vandals and how to allow for recovery of the data if the vandal countermeasures fail.
While doing this I realized that I should have been dealing with these things anyway and that I was lying to myself about the security of my systems anyway.
I also realized that the login-less user experience is so valuable that until I can replicate it in a truly secure fashion (via client side certificates or something?), I would rather give up on any feature that requires logins.
As long as that link/id remains secret, the user has a unique account to use with no effort on their part.
I'm still not sure this is a good idea, but it seems to work for nightchamber, where the account doesn't actually have much value, and there is no valuable information an attacker could gain by "compromising" the account.