diff --git a/api/api/v1/accounts/update_credentials/index.ts b/api/api/v1/accounts/update_credentials/index.ts
index 8e7d3af9..57c9165a 100644
--- a/api/api/v1/accounts/update_credentials/index.ts
+++ b/api/api/v1/accounts/update_credentials/index.ts
@@ -47,6 +47,10 @@ export const schemas = {
             .trim()
             .max(config.validation.max_username_size)
             .toLowerCase()
+            .regex(
+                /^[a-z0-9_-]+$/,
+                "Username can only contain letters, numbers, underscores and hyphens",
+            )
             .refine(
                 (s) =>
                     !config.filters.username.some((filter) => s.match(filter)),