When it comes to login or authentication schemes for web pages you have a few choices.  

1. Authenticate with email address and a password.
2. Authenticate with a user name (either system or user generated) and password.
3. Authenticate with an account number (or some relevant identifier) and password.
4. Authenticate with an account number (or some relevant identifier) and pin or other unique identifier (SSN, address, etc).

Each of these schemes has its own unique merits.  The most popular is probably number one above.  The email address is usually one of the easiest logins to remember.  However a potential stumbling block is the situation where multiple unique users share an email address.  It’s hard to believe that this seems logical to a person when email addresses are a free commodity.  

Number two is probably the second most popular as it eliminates the problem from number one, however it introduces the problem that a user must remember some kind of random user name because they probably won’t get the one they want as it will already have been taken.  This increases the possibility of support calls and user frustration.

Number four is becoming more common especially for financial services and other highly regulated or secure environments.  All information is meaningful and unique.

My preference is usually number one.  It’s common and easy to understand and the draw backs are easily remedied by the forcing of a unique email address.

I choose number four as my second choice.  It’s more complex to implement but it provides a higher level of security while using relevant customer/user information.  This would prove especially effective if the required login information changed randomly like many financial institutions authentication schemes.