Should users log in to my website using...

1.) Email
2.) Username
3.) Either

The way I have things currently, a user logs in using Email/Password, but once they are logged in, they are identified by Username. That way, other users would never know your email.

This seems okay to me, but when I think about it, it seems like most websites I visit use Username/Password to log in?!

Thoughts?

Sincerely,


Debbie

P.S. To be honest *security* is more of a driver to me than "usability"...