But Dan, using usernames is precisely part of the same problem and something that is in fact already done. Example: Twitter.

Using the public name for login is bad. So if the public login is NOT an email address, then using an email address is perfectly acceptable. If an email address is the public name, then using a different email address as the login name would be acceptable.

The specifics of the issue vary from site to site.

The bottom line for me is that I'd really like to not give away half my login credentials to sites like PayPal and Twitter.