diff --git a/Yesod/Auth/Account.hs b/Yesod/Auth/Account.hs
--- a/Yesod/Auth/Account.hs
+++ b/Yesod/Auth/Account.hs
@@ -395,12 +395,11 @@
 -- form into a larger form where you prompt for more information during account
 -- creation.  In this case, the NewAccountData should be passed to 'createNewAccount'
 -- from inside 'postNewAccountR'.
-newAccountForm :: (YesodAuth master
-                  , RenderMessage master FormMessage
+newAccountForm :: (YesodAuthAccount db master
                   , MonadHandler m
                   , HandlerSite m ~ master
                   ) => AForm m NewAccountData
-newAccountForm = NewAccountData <$> areq textField userSettings Nothing
+newAccountForm = NewAccountData <$> areq (checkM checkValidUsername textField) userSettings Nothing
                                 <*> areq emailField emailSettings Nothing
                                 <*> areq passwordField pwdSettings1 Nothing
                                 <*> areq passwordField pwdSettings2 Nothing
@@ -410,7 +409,7 @@
           pwdSettings2  = FieldSettings (SomeMessage Msg.ConfirmPass) Nothing Nothing Nothing []
 
 -- | A default rendering of the 'newAccountForm' using renderDivs.
-newAccountWidget :: (YesodAuth master, RenderMessage master FormMessage) => (Route Auth -> Route master) -> WidgetT master IO ()
+newAccountWidget :: YesodAuthAccount db master => (Route Auth -> Route master) -> WidgetT master IO ()
 newAccountWidget tm = do
     ((_,widget), enctype) <- liftHandlerT $ runFormPost $ renderDivs newAccountForm
     [whamlet|
diff --git a/tests/BasicTests.hs b/tests/BasicTests.hs
--- a/tests/BasicTests.hs
+++ b/tests/BasicTests.hs
@@ -20,7 +20,7 @@
                 byLabel "Username" "abc"
                 byLabel "Password" "xxx"
 
-            statusIs 303
+            statusIs 302
             get' "/auth/login"
             statusIs 200
             bodyContains "Invalid username/password combination"
@@ -40,21 +40,21 @@
                 byLabel "Username" "abc"
                 addNonce
 
-            statusIs 303
+            statusIs 302
             get' "/"
             statusIs 200
             bodyContains "Invalid username"
 
         yit "verify page returns an error" $ do
             get' "/auth/page/account/verify/abc/xxxxxx"
-            statusIs 303
+            statusIs 302
             get' "/"
             statusIs 200
             bodyContains "invalid verification key"
 
         yit "new password returns an error" $ do
             get' "/auth/page/account/newpassword/abc/xxxxxx"
-            statusIs 303
+            statusIs 302
             get' "/"
             statusIs 200
             bodyContains "invalid verification key"
@@ -67,7 +67,7 @@
                 addPostParam "f4" "xxx"
                 addPostParam "f5" "xxx"
 
-            statusIs 303
+            statusIs 302
             get' "/"
             statusIs 200
             bodyContains "As a protection against cross-site"
diff --git a/tests/NewAccount.hs b/tests/NewAccount.hs
--- a/tests/NewAccount.hs
+++ b/tests/NewAccount.hs
@@ -21,7 +21,7 @@
                 byLabel "Password" "xxx"
                 byLabel "Confirm" "yyy"
 
-            statusIs 303
+            statusIs 302
             get' "/"
             statusIs 200
             bodyContains "Passwords did not match"
@@ -37,7 +37,7 @@
                 byLabel "Password" "xxx"
                 byLabel "Confirm" "xxx"
 
-            statusIs 303
+            statusIs 302
             get' "/"
             statusIs 200
             bodyContains "A confirmation e-mail has been sent to test@example.com"
@@ -47,7 +47,7 @@
             assertEqual "email" email "test@example.com"
 
             get' "/auth/page/account/verify/abc/zzzzzz"
-            statusIs 303
+            statusIs 302
             get' "/"
             statusIs 200
             bodyContains "invalid verification key"
@@ -58,7 +58,7 @@
             post'"/auth/page/account/login" $ do
                 byLabel "Username" "abc"
                 byLabel "Password" "yyy"
-            statusIs 303
+            statusIs 302
             get' "/auth/login"
             statusIs 200
             bodyContains "Invalid username/password combination"
@@ -74,7 +74,7 @@
             post'"/auth/page/account/resendverifyemail" $ do
                 addNonce
                 addPostParam "f2" "abc" -- username is also a hidden field
-            statusIs 303
+            statusIs 302
             get' "/"
             bodyContains "A confirmation e-mail has been sent to test@example.com"
 
@@ -85,13 +85,13 @@
 
             -- verify email
             get' verify'
-            statusIs 303
+            statusIs 302
             get' "/"
             statusIs 200
             bodyContains "You are logged in as abc"
 
             post $ AuthR LogoutR
-            statusIs 303
+            statusIs 302
             get' "/"
             statusIs 200
             bodyContains "Please visit the <a href=\"/auth/login\">Login page"
@@ -101,7 +101,7 @@
             post'"/auth/page/account/login" $ do
                 byLabel "Username" "abc"
                 byLabel "Password" "xxx"
-            statusIs 303
+            statusIs 302
             get' "/"
             bodyContains "You are logged in as abc"
 
@@ -115,7 +115,7 @@
             post'"/auth/page/account/resetpassword" $ do
                 byLabel "Username" "abc"
                 addNonce
-            statusIs 303
+            statusIs 302
             get' "/"
             statusIs 200
             bodyContains "A password reset email has been sent to your email address"
@@ -149,7 +149,7 @@
                           [] -> error "Unable to find set password key"
                           element:_ -> return $ head $ attribute "value" $ parseHTML element
                 addPostParam "f3" key
-            statusIs 303
+            statusIs 302
             get' "/"
             statusIs 200
             bodyContains "Password updated"
@@ -162,7 +162,23 @@
             post'"/auth/page/account/login" $ do
                 byLabel "Username" "abc"
                 byLabel "Password" "www"
-            statusIs 303
+            statusIs 302
             get' "/"
             statusIs 200
             bodyContains "You are logged in as abc"
+
+        yit "errors with a username with a period" $ do
+            get' "/auth/page/account/newaccount"
+            statusIs 200
+
+            post' "/auth/page/account/newaccount" $ do
+                addNonce
+                byLabel "Username" "x.y"
+                byLabel "Email" "xy@example.com"
+                byLabel "Password" "hunter2"
+                byLabel "Confirm" "hunter2"
+
+            statusIs 302
+            get' "/"
+            statusIs 200
+            bodyContains "Invalid username" -- Issue #2: a valid username was not checked on creation
diff --git a/yesod-auth-account.cabal b/yesod-auth-account.cabal
--- a/yesod-auth-account.cabal
+++ b/yesod-auth-account.cabal
@@ -1,5 +1,5 @@
 name:              yesod-auth-account
-version:           1.2.2
+version:           1.2.3
 cabal-version:     >= 1.8
 build-type:        Simple
 synopsis:          An account authentication plugin for Yesod
