It's still security through obscurity, fellas. Any entropy you can add to your "secret userid" is entropy you can add to your password. It's not another "factor" in authentication any more than a second or third password field would be.

The Mat Honan thing was more about a flaw in Amazon's security procedures at their call centers, and in Apple allowing people to reset their password with just the last 4 digits of the credit card number.

It's true that if you use the same email address or userid across multiple sites you're screwed if you also use the same password on other sites, so the solution is to stop doing that. Having to remember different userids across dozens and dozens of sites causes more problems than it solves -- better to store all of your secret entropy sauce in a single field and not have to remember which username you used.
_________________________
- Tony C
my empeg stuff