Bad solution, email is slow and unsecure. I also have always hated identities linked to email in anyway. It's wrong way and that's it. Also allowing password recovery via email is dangerous, because email isn't secure either. Email is secure if you use GPG, and in that case it would be better to login by signing nonce with your private key and returning signature to site, which can verify it against your public key.