Our users expect to be able to login with their email address, and receive a 'wrong password' error when they attempt to login.
They may be using the right password, and their username is in there too so they can get quite confused.
Could login be changed to fail softly on username. i.e. if username + password fails, Confluence checks to see if the password is valid for the user with that email address.
User behaviour also experienced by: