Why use usernames and not just email addresses to identify users?
Your question is missing a lot of context, but what you do say sounds like you’re looking to settle an argument. So my answer will start with “It depends...”
One reason to have unique usernames that aren’t email addresses is to protect privacy when other users can see the username. For example, GitHub profiles indicate the username in the profile URL, and as authorship indicators on commits, issues, comments, etc.
Providing a username as the user’s public face instead of their email address allows them a layer of privacy.
In some rare cases, a service may elect not to collect email addresses at all... since email addresses can be considered sensitive and personally identifiable information. The downside to not collecting an email address at all is that account recovery for someone who forgets their password, or has their account breached, will be more difficult without a verified channel to use for recovery.
Or for the hybrid approach, one might collect the email address, but store it in the database behind strong encryption. Strong encryption is generally difficult to search on, so having a less sensitive identifier to use that can be store in plaintext would be convenient.
E-Mails are in fact used for user identity on many websites.
There are advantages and disadvantages to this. An incomplete list:
Advantages
- the problem of uniqueness is solved already
- no need to come up with or invent a username
- you don't need to ask the e-mail address additionally
Disadvantages
- people do sometimes change their e-mail address
- it often exposes the e-mail address publicly (spam, harrassment, etc. issues)
- depending on context, people might want to have a username, not an address
A common and secure solution is to have both a displayed username and using the e-mail address to log in.
It depends on the type of application. If it's a forum, it makes sense to add another layer of usernames for a couple of reasons:
Mask the e-mail address from public (you need to have a display name, and many people might not want their e-mail address to go public). Though, another option would be to make people login with their e-mail address, and give them an option to choose a display name.
Ease of login (of course, with browsers remembering your login IDs, this becomes less relevant).
If it's some application where the members don't interact with public, probably logging in with the e-mail address would make sense.