Yesterday I answered a question on LinkedIn about using username vs email for logins. Both have their pluses and minuses. Usernames are more secure but can be very frustrating for the users.
Most developers fail to understand what the user will have to go through when registering. One of the worst experiences I had with a sign-up page would be where all the information was asked on one page and validation was done server-side. Why is this bad? Well, I was asked for username, password, security question and asked to validate with CAPTCHA. Most of the time, the username a user wants is not available and that was the case with me. After entering all that information, I was sent back to the sign-up page, except now I had to not only re-enter the username, but also the password, security question and answer and the CAPTCHA. Now, consider having to do that five times or more and think how frustrated the user will become.
Incidentally, I also have an interesting experience regarding the security question. I was setting up an account for my wife and the security question was city of birth. The city where she was born is four characters long, however, I was informed that that's too short and a city name has to be at least five characters long. So, if you were born in a city with four characters or less, tough luck, go use some other site.