Origam server prior to aspnet core was more vague when creating username (used to allow more characters). Users created from that times can’t even change their passwords, because aspnet core triggers username validation while doing password change process (which is quite weird). We need to make username validation less strict, so that older users could change their password without forcing them to change username (which is even more complicated process)