No it isn't. None of my banks or brokerages require me to use it and I don't because it doesn't add much security. It's security theater.
How much effort do you think some nefarious entity is willing to expend to gain access to ONE vote?
How many records of personal (unchangeable) information did China hack from OPM? 23 million.
The email address would be part of the information you provide when appearing in person at a government office to set up or renew your voter account.
Then I will appear in person pretending to be you. But more likely I won't need to do that, I will do it by mail or internet and that's much lower effort. Like you said, how much effort do I want to expend to get one vote? That's really your only protection against masquarading.
Changing your email address would have be done while logged in to your account.
None of that stops China from getting into 23 million accounts using personal information like mother's maiden name, city and date of birth, etc.
If you’re not using 2FA, you are less secure than you could be. My credit union has required it for literally 20 years. My brokerage accounts require using an authenticator browser extension or an authenticator fob. There is no credible argument that it’s impossible to secure an online account sufficiently to protect ONE vote.
I have no doubt the Chinese, or you and anyone else willing to pay the price, have my security clearance application. Nothing on it would give you the slightest advantage in hacking into my online accounts, unless you are willing to get on the phone and attempt social engineering to hijack my account because you know my SSN and mother’s name. A hell of a lot of work for ONE vote, and I would be instantly notified by email of any changes to my account, so you would not get far my friend.
We have mastered the procedures for doing secure business online, and I consider this an “expert” opinion because I’ve been doing online business daily for 20 years without incident.