[mscharrer]

Some sites let the user provide a email address in order to allow password reset, but don't force it. I think this is a good practice.

[yoz-y]

Marco Arment has had problems with this and resumed it quite nicely in the Overcast FAQ (scroll a bit down for the relevant part): https://overcast.fm/skeptics_faq

[soft_dev_person]

If you have any kind of non-tech savvy users, it's a terrible practice, as you would be flooded with support requests on how to get into their accounts with no way of verifiying the actual owner.

[markyc]

yes.. even having an unconfirmed email address can get really messy when you need to get in touch with someone but just can't because the address is invalid