[Hnrobert42]

Then, is the login alias sort of a password? In that, it is something you know.

[Lukas_Skywalker]

In a way, yes. I don't count on it being private though. But it appears nowhere online, so it's not used by credential stuffers or other bots.

[BiteCode_dev]

Yep, back to passwords, but less secure ones.

[ramses0]

joe@smith.com, joe.smith@bigcompany.com

...those will get "drive by" attacks no matter what.

Interesting that they're letting you alias it back to "coolkid5674321" again...