As I'm sure many of you realized, as of May 1 users can no longer log in using email address as a credential. This was positioned as a security enhancement.

I've been in online marketing and ecommerce for a little over 5 years and this completely vexes me. Why is logging in with an email address less secure than a user name of fewer characters and complexity? Did they really have an issue with people gaining unauthorized access because of email as a user name?

I ask for two reasons:
1) Is there an underlying concern about email as an authentication credential of which I'm unaware? (As far as I know, it's fairly standard)

2) If not, ..., Delta?

Edited to add: If security is really such a concern, why not edit their data tables to allow for special characters in the password field? All characters should be allowed, and password length should not be limited below 30 chars.