Someone else had basically the same idea, to authenticate based on matrix account instead of email address:
- Ask for matrix account (instead of email address)
- Send code to given mxid
- Let authentication proceed if user gives the code you sent
Both are much safer than giving someone else your full mxid and password and hoping that they don’t abuse or leak that information, like Sign in with Matrix.