Please read this thread: http://osticket.com/forums/showthread.php?t=814(http://osticket.com/forums/showthread.php?t=814) and this:
That would be a serious security flaw. For example to access all your tickets, all I need to know is your email address to open a new ticket and login. i.e osTicket uses email/ticketID combination for logins. The plan is to move to username/password in the future but still allow email/ticketID to view individual ticket.