You would need to hook up into authentication event, check if user got authenticated by Kentico (e.User != null) and if not (e.g. user is using email vs. his username) get username by email and try to authenticate using username and pass.
So if user uses username he will got authenticated by Kentico and your custom code won't execute, otherwise your code will attempt to 'convert' email to username and login using it.
SecurityEvents.Authenticate.Execute += OnAuthentication;
private void OnAuthentication(object sender, AuthenticationEventArgs e)
string username = SqlHelper.EscapeQuotes(e.UserName);
string password = SqlHelper.EscapeQuotes(e.Password);
UserInfo user = e.User;
if (user == null)
//get user name by user email
//attempt to authenticate by username and password
e.User = AuthenticationHelper.AuthenticateUser("username", "password", SiteContext.CurrentSiteName);