The reason these folks use email addresses rather than user names is that you're likely to actually remember your email address. Versus the craptastic problem when your preferred username is already taken. "dwallach", nope. "danwallach", nope. "dswallach", nope.
That said, the *real* right answer is for these sites to delegate to a handful of OpenID/OAuth providers to authenticate you. I'd like to have some super-fancy two-factor contraption with Google, and then let everybody else just ask Google to prove that it's really "dwallach@gmail.com" on the other end of the line.
Yeah, sure, OpenID/OAuth are very much a work in progress, but damn it they're the right idea.
Previous Topic
Index
