Often it's based on technology restrictions. For example, if your UIDs are going into a database, they have to be sanitized. Rather than try to catch all possible exploits or problematic values, many developers choose to restrict their UIDs to alphanumeric characters.
Also, when integrating with legacy systems, sometimes there are limitations already in place - perhaps the "username" field is only 6 or 8 characters long.
Ultimately, there's usually not a good engineering design reason for doing this, since a username should not be used in any meaningful calculations, but there are often good business reasons for doing so.
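The restriction described above, written out as an added example (not code from the original answer): an allowlist check for ASCII-alphanumeric UIDs with a length cap, next to a parameterized insert. The 8-character limit, the `users` table and all function names are assumptions made for illustration.

```python
import re
import sqlite3

# Assumed policy for illustration: ASCII alphanumerics, 1-8 characters
# (8 stands in for the legacy field width mentioned in the answer).
MAX_LEN = 8
UID_RE = re.compile(r"[A-Za-z0-9]{1,%d}" % MAX_LEN)


def is_valid_uid(uid):
    """Allowlist check.

    fullmatch() is used because '^...$' with match() accepts a trailing
    newline, and str.isalnum() accepts non-ASCII letters and digits.
    """
    return isinstance(uid, str) and UID_RE.fullmatch(uid) is not None


def store_uid(conn, uid):
    """Insert with a bound parameter, so the value is handled as data
    whatever characters it contains."""
    conn.execute("INSERT INTO users (uid) VALUES (?)", (uid,))


def load_uids(conn):
    """Return stored UIDs in insertion order."""
    return [row[0] for row in conn.execute("SELECT uid FROM users ORDER BY rowid")]


def demo():
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (uid TEXT PRIMARY KEY)")
    # Constructed sample inputs: one valid UID and five policy violations.
    candidates = ["alice42", "o'brien", "bob\n", "ünal", "toolongname", ""]
    accepted = [u for u in candidates if is_valid_uid(u)]
    for uid in accepted:
        store_uid(conn, uid)
    # A name the allowlist rejects still round-trips intact through a
    # bound parameter: the allowlist is a policy, not the only safeguard.
    store_uid(conn, "o'brien")
    return accepted, load_uids(conn)


if __name__ == "__main__":
    print(demo())
```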