Simon's approach seems very generalized - subtype the user class and add a new authentication field there, and drop in new registration/login pages that match.
Of course, some folks may want systems that don't require e-mail addresses at all, which I think is where Jon's headed with his comments.
