Take for example PayPal... But applies to so many other sites.

The issue: The display name/identity that is shown to the world as part of the web/social site is also what's used to log in.

Sure, it's easier to simply track a single ID and password, but I'd prefer not to be giving out half the required information to log in. Especially for anything financial related, like PayPal, this is really not a wise system. Banks don't use email addresses to log in. They either have a unique (unused elsewhere) ID or they use your bank card #, something that you're not sharing with every Tom Disk and Harry.

For PayPal I'd like to use one ID (which can be an email address, it doesn't matter to me) for login, but have another that is associated with receiving/sending payments only. As it stands, if you add an additional email address to your account, it will be used for everything, just like your primary. DOH!

Another issue, "personal" recovery/validation questions that are not personal to you:

Then you have places that try to be too smart for their own good, such as the recent updates to iTunes asking for additional recovery information. iTunes now forces you to register 3 recovery questions, however for each question they have a pre-determined list of choices. Let's say 5 each, for a total of 15. That's a a decent amount of questions, but still likely that you won't find something in there suitable for you. Even if you find 3, what if all three are in the first group? Well you're screwed, because you'll still have to pick one each from the other groups. I ended up having to pick two questions I'm not likely to easily remember the answers to if I ever need them.