by trollbridge 5 days ago
Use a platform like Authentik where the immutable characteristic of your user is a UUID.

Allow them to sign in with OpenID, etc., to put one (or more) e-mail addresses on (obviously those e-mails end up unique to that account). In my case, I always force-link e-mail addresses from Google's OpenID (mostly to prevent people accidentally creating multiple accounts). Allow phone numbers too!

Also allow usernames (and just automatically generate them); the user can change their username if they really want to.

Every other dependent system should only be using the UUID. If you have some dumb legacy system that insists on e-mails for a primary key, have an internal-only domain and hang the UUID off of that.

There is a specific use case when two people want to have their own accounts but share an e-mail or a phone number for logging in. In that case you want to just let the user pick a "primary" email address and "primary" phone number (which is the only one they can log in with as a user ID) and the secondaries are just for verification. This is kind of common with people who want their spouse's phone to be able to get into their account for example (a pretty common use case for one of our apps, although they're technically supposed to make their own accounts, we allow this simple form of sharing).
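An added example, not the commenter's code and not Authentik's, of an in-memory identity store that follows the rules above: the UUID is the only immutable key, e-mails and phones are linked to it, only the chosen primary e-mail/phone works as a login ID while secondaries may be shared and serve verification, OpenID sign-in force-links to the existing account instead of creating a duplicate, and a legacy system that needs an e-mail key gets the UUID on an internal-only domain. The domain `internal.example` and all names are assumptions.

```python
import uuid
from dataclasses import dataclass, field

LEGACY_DOMAIN = "internal.example"  # assumed internal-only domain for legacy systems


@dataclass
class Account:
    id: str                                    # immutable UUID; the only key other systems use
    username: str                              # auto-generated; the user may change it later
    emails: set = field(default_factory=set)   # every linked address (used for verification)
    phones: set = field(default_factory=set)
    primary_email: "str | None" = None         # the only e-mail accepted as a login ID
    primary_phone: "str | None" = None         # the only phone accepted as a login ID

    @property
    def legacy_email(self) -> str:
        """For a legacy system that insists on an e-mail key: the UUID hung off an internal domain."""
        return f"{self.id}@{LEGACY_DOMAIN}"

class IdentityStore:
    def __init__(self):
        self.accounts = {}   # uuid -> Account
        self.login_ids = {}  # primary e-mail or phone -> uuid; unique across accounts

    def create(self) -> Account:
        uid = str(uuid.uuid4())
        return self.accounts.setdefault(uid, Account(id=uid, username="user-" + uid[:8]))

    def link(self, acct: Account, kind: str, value: str, primary: bool = False) -> None:
        """Attach an e-mail ('email') or phone ('phone'); a primary is a unique login ID."""
        getattr(acct, kind + "s").add(value)  # secondaries may be shared between accounts
        if primary:
            if self.login_ids.get(value, acct.id) != acct.id:
                raise ValueError(f"{value} is already the login ID of another account")
            self.login_ids.pop(getattr(acct, "primary_" + kind), None)  # retire old primary
            setattr(acct, "primary_" + kind, value)
            self.login_ids[value] = acct.id

    def login_lookup(self, login_id: str) -> "Account | None":
        """Only a primary resolves to an account; a shared secondary never does."""
        uid = self.login_ids.get(login_id)
        return self.accounts.get(uid) if uid else None

    def force_link_oidc(self, email: str) -> Account:
        """OpenID sign-in: reuse the account that owns this address instead of creating a duplicate."""
        acct = self.login_lookup(email) or self.create()
        if acct.primary_email != email:
            self.link(acct, "email", email, primary=True)
        return acct
```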