
Omg, yikes. Email is the universal "password reset" mechanism for the whole web too. Re-using emails sounds like a bad plan just from the start, surprised services allow that.



I've gotten bitten by Google locking me out of an account because I hadn't logged into it in a long time, and the device that I used to log into it was stolen long ago. Even though I have full access to the recovery email address on that account, because it's an unknown device, Google blocks me from accessing it.

In a similar way but a different mechanism, I also had the same thing happen with some accounts which I had opened up using my mobile phone number. I have struggled with mental illness throughout my life, and one of the things that can happen through crises in particular that can have vicious consequences is having no ability to regulate your behavior, in particular your finances, so you easily and quickly rack up debt, cash out retirement accounts and blow through all that money, and being unable to pay your phone bill (or any other bill) leads you to losing that phone number, and any account which you access through that number.

The systems that we use as a society to authenticate identity for access to digital services and systems are incredibly punishing to people who struggle with mental health issues. It's a bit of an own goal, since some of the potential solutions to it are potentially technical in nature rather than requiring legislative or societal action.

That said, the difficulties presented by the digital world to people who struggle with mental illness pale in comparison to those they face in the physical world, and how ineffective the society, governments, and medicine are at helping those people, sometimes hurting them in that process through lack of training, ability, and the flaws in the design of the overall systems.


Not just for people with mental illnesses, think about our aging population and anybody in general: there are too many signals to regulate a modern functional life, saying that it is stressful by design would be an understatement.


To be fair, email account providers - and particularly free ones like hotmail/yahoo/gmail - never agreed to be your partner providing banking/military grade security to the rest of your online accounts. Same as how your telco never agreed to have SMS be a secure protocol for 2FA or password resets.[1]

Far from being surprised free email services "allow reusing emails", I'm way more surprised that orgs like banks and PayPal and crypto exchanges allow using email or SMS as "secure reset or 2FA" protocols.

1: http://www.itnews.com.au/news/telcos-declare-sms-unsafe-for-...



