I think something is really broken in today's web authentication scheme. I think there is really huge need for some independent and reliable service (Mozilla's Personas maybe).
For example, if my email is firstname.lastname@example.org, then I would use email@example.com when signing up for Hacker News.
Sometimes, I don't actually remember and just end up going to my inbox to find an email from the site so I can look up what I used.
Another time, this backfired on me when I purchased concert tickets using a +descriptor email and couldn't login. The purchase form and login form had different validation rules, so the purchase form accepted my +descriptor email and charged me for it. The login form rejected my +descriptor email and I was rushing to contact customer service to print my ticket in time.
If someone was directly targeting me, and had my email address from another site, they could probably figure out what I'd used elsewhere. But if it's just a script running through email addresses harvested from site A, then mine will almost always be irrelevant on site B.
The main reason I use it though is that it's a great way to figure out where spam is coming from. Last week for instance I got a "male enhancement" spam from an email address I've only ever given to scan.co.uk. That addres is now on my block list and I doubt I'll be buying through them again.
Sadly this is at best a complicated workaround, that will will work for people that are motivated enough to remember for each different service a separate email and password and additionally to this you have to remember as well the credentials to manage your email address and check the emails from different sites.
In my case it would mean having about 100 email addresses.
With the rise of mobile apps though, we introduce more usernames and password daily.
Believe there is an easier way to handle user authorisation and here is a post about it. https://gist.github.com/4052818
Of course it's better to have a real password manager, but for most people, who don't or can't be bothered setting this up, this would be a huge step forward since they anyway use the same email and the same password everywhere.
Never, ever, re-used passwords for anything you value.
Most people re-use not only the password, but also their email. This is the worst combination.
If you use an unpredictable, unique email address, and use a secure password. Even if it leaks on one site, the attacker has no easy way to predict what your email address is going to be on any other site without having access to the list of email addresses.