diff --git a/net/server/internal/authUtil.go b/net/server/internal/authUtil.go
index 382af513..4ef7c607 100644
--- a/net/server/internal/authUtil.go
+++ b/net/server/internal/authUtil.go
@@ -334,15 +334,15 @@ func BasicCredentials(r *http.Request) (string, []byte, error) {
 return username, password, err
 }
- // parse credentials
- login := strings.Split(string(credentials), ":")
- if login[0] == "" || login[1] == "" {
- return username, password, errors.New("invalid credentials")
- }
- username = login[0]
+ login := string(credentials)
+ idx := strings.Index(login, ":");
+ if idx <= 0 {
+ return username, password, errors.New("invalid credentials")
+ }
 // hash password
- password, err = bcrypt.GenerateFromPassword([]byte(login[1]), bcrypt.DefaultCost)
+ username = login[0:idx]
+ password, err = bcrypt.GenerateFromPassword([]byte(login[idx+1:]), bcrypt.DefaultCost)
 if err != nil {
 return username, password, err
 }
diff --git a/net/web/src/access/createAccount/CreateAccount.jsx b/net/web/src/access/createAccount/CreateAccount.jsx
index 31168d7b..2f17f911 100644
--- a/net/web/src/access/createAccount/CreateAccount.jsx
+++ b/net/web/src/access/createAccount/CreateAccount.jsx
@@ -15,7 +15,7 @@ export function CreateAccount() {
 catch(err) {
 modal.error({
 title: 'Create Account Error',
- content: 'Please check with you administrator.',
+ content: 'Please check with your administrator.',
 bodyStyle: { padding: 16 },
 });
 }
diff --git a/net/web/src/access/createAccount/useCreateAccount.hook.js b/net/web/src/access/createAccount/useCreateAccount.hook.js
index dbf20146..fb67e50b 100644
--- a/net/web/src/access/createAccount/useCreateAccount.hook.js
+++ b/net/web/src/access/createAccount/useCreateAccount.hook.js
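Review bot: The new guard `if idx <= 0` in BasicCredentials no longer rejects an empty password, which the removed code did via `login[1] == ""`; credentials that decode to `name:` now reach `bcrypt.GenerateFromPassword` with an empty byte slice and produce a usable hash. If empty passwords should still be refused at this layer, extend the guard to `if idx <= 0 || idx == len(login)-1 {`. The trailing `;` after `strings.Index(login, ":")` is also not gofmt-clean. BasicCredentials starts and ends outside the hunk, so whether a caller re-checks the password is not visible here.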
@@ -1,6 +1,7 @@
 import { useContext, useState, useEffect, useRef } from 'react';
 import { AppContext } from 'context/AppContext';
 import { useNavigate, useLocation } from "react-router-dom";
+import { getUsername } from 'api/getUsername';
 export function useCreateAccount() {
@@ -27,9 +28,9 @@ export function useCreateAccount() {
 setChecked(false)
 clearTimeout(debounce.current)
 debounce.current = setTimeout(async () => {
- if (app.actions?.username && name !== '') {
+ if (name !== '') {
 try {
- let valid = await app.actions.username(name, state.token)
+ let valid = await getUsername(name, state.token)
 if (!valid) {
 updateState({ validateStatus: 'error', help: 'Username is not available' })
 }
@@ -61,8 +62,9 @@ export function useCreateAccount() {
 updateState({ confirm });
 },
 isDisabled: () => {
- if (state.username === '' || state.password === '' || state.password !== state.confirm || !checked ||
- state.validateStatus === 'error') {
+ const restricted = new RegExp('[!@#$%^&*()\ ,.?":{}|<>]', 'i');
+ if (state.username === '' || restricted.test(state.username) || state.password === '' ||
+ state.password !== state.confirm || !checked || state.validateStatus === 'error') {
 return true
 }
 return false
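Review bot: The `restricted` check added to `isDisabled` in the third hunk runs only in the browser and is a denylist, so it does not constrain what the server accepts; the `BasicCredentials` change in this same commit takes everything before the first `:` as the username with no character check visible. If these characters must stay out of usernames, the rule should also be enforced server-side, preferably as an allowlist such as `/^[A-Za-z0-9_-]+$/` (a constructed example, to be adjusted to the project's handle rules). Separately, `'\ '` inside a string literal is just a space and the `'i'` flag has no effect on a punctuation class, so a module-level `const restricted = /[!@#$%^&*() ,.?":{}|<>]/;` would match the same input without rebuilding the RegExp on every call. useCreateAccount continues outside the hunk.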