One way to deal with the multiple accounts problem step by step is:
- make an MVP version which logs you in if the email address matches exactly one account and the password matches that account, and gives the same vague error message in any other case (and always calculates a password hash to thwart timing attacks)
- add a "primary account for this email address" flag to the user table (or possibly a new table with unique email + primary account - more effort, less race conditions), set it in some sensible way (e.g. max editcount), relax the login conditions for accounts with matching email addresses to "only one account matches or only one matching account has a primary flag"
- add a "set this account as primary" link in the user preferences; when clicked, it sets the primary flag for that account and clears it for all other accounts with the same email. (Depending on our level of paranoia, this might require verification via email.)