We just had a support case where the user already had an account, but lost_username claimed the email was not in use. When the user, confused, tried to create a new account, he got an email (using is_email_used_elsewhere) saying that the email is already in use.

Possible reasons I could see: 1) the email was entered with capital letters; 2) the email contains a dot.

In any case, it would seem that the comparison we use in is_email_used_elsewhere is better and we should use that for lost_username too instead of a basic _get_by_keys