Cybersecurity mystery 2

We have some readers who care about cybersecurity, based on the comments to the last post.

So let me discuss a second cybersecurity mystery.

***

I cannot understand why many of the organizations that claim they care about cybersecurity keep forcing users to enter our email addresses as user names. Over time, I noticed that websites that previously allowed me to sign on using a made-up user name now require I enter my email address instead.

An email address is a key piece of personally identifiable information (PII). Many vendors will use email addresses as their match key to open up a database of personal data.

I understand that the user information is sent encrypted so the chance that it would be stolen is small. But the chance that the email is leaked is zero if I used a made-up user name.

So the question is: what is the benefit of using email addresses as user names instead of some other identifier?