When a user gets renamed, and doesn't know about it (they don't have a valid email address, the email goes to spam etc) they get locked out of their account, since they don't know what username they should be using during login. This seems easy to fix - when a login fails due to wrong password or no account by that name existing, we could look up the account name in the rename logs, and if there's a match, tell the user that they should try to log in with the new name.

Two things make this harder than it sounds:

• "Rename logs" depends on the primary authentication provider (e.g. for CentralAuth, we'd want to check the global rename logs, rather than the rename logs of the current wiki where the old account might not have existed at the time of renaming) so we'd have to create some sort of abstraction for that.
• Various non-password checks return deliberately ambiguous error messages since usually we don't want an attacker to know whether the password was wrong, or the password was correct but some other check prevented them. We'd have to ensure that the behavior is consistent for those things and wrong password errors.

Even so, it seems not too difficult and worth doing.