diff --git a/docs/upgrades/upgrade_4.6.7-4.6.8.sql b/docs/upgrades/upgrade_4.6.7-4.6.8.sql
index 6f7f37277..4d1d709ff 100644
--- a/docs/upgrades/upgrade_4.6.7-4.6.8.sql
+++ b/docs/upgrades/upgrade_4.6.7-4.6.8.sql
@@ -5,6 +5,14 @@ INSERT INTO international VALUES (12,'Poll',7,'
alter table page modify title varchar(255) null;
update international set lastUpdated='1031510000' where lastUpdated='1031516049';
insert into international (internationalId,languageId,namespace,message,lastUpdated) values (723,1,'WebGUI','Deprecated', 1031800566);
+delete from international where languageId=1 and namespace='WebGUI' and internationalId=727;
+insert into international (internationalId,languageId,namespace,message,lastUpdated) values (727,1,'WebGUI','Your password cannot be "password".', 1031880154);
+delete from international where languageId=1 and namespace='WebGUI' and internationalId=725;
+insert into international (internationalId,languageId,namespace,message,lastUpdated) values (725,1,'WebGUI','Your username cannot be blank.', 1031879612);
+delete from international where languageId=1 and namespace='WebGUI' and internationalId=724;
+insert into international (internationalId,languageId,namespace,message,lastUpdated) values (724,1,'WebGUI','Your username cannot begin or end with a space.', 1031879593);
+delete from international where languageId=1 and namespace='WebGUI' and internationalId=726;
+insert into international (internationalId,languageId,namespace,message,lastUpdated) values (726,1,'WebGUI','Your password cannot be blank.', 1031879567);
diff --git a/lib/WebGUI/Operation/Account.pm b/lib/WebGUI/Operation/Account.pm
index e97f9a0c7..f130d5abf 100644
--- a/lib/WebGUI/Operation/Account.pm
+++ b/lib/WebGUI/Operation/Account.pm
@@ -74,22 +74,34 @@ sub _accountOptions {
#-------------------------------------------------------------------
sub _hasBadPassword {
- if ($_[0] ne $_[1] || $_[0] eq "") {
- return 1;
- } else {
- return 0;
+ my ($error);
+ if ($_[0] ne $_[1]) {
+ $error = '
'.WebGUI::International::get(78);
+ }
+ if ($_[0] eq "password") {
+ $error .= ''.WebGUI::International::get(727);
}
+ if ($_[0] eq "") {
+ $error .= ''.WebGUI::International::get(726);
+ }
+ return $error;
}
#-------------------------------------------------------------------
sub _hasBadUsername {
- my ($otherUser);
- ($otherUser) = WebGUI::SQL->quickArray("select username from users where username='$_[0]'");
- if (($otherUser ne "" && $otherUser ne $session{user}{username}) || $_[0] eq "") {
- return 1;
- } else {
- return 0;
+ my ($error,$otherUser);
+ if ($_[0] =~ /^\s/ || $_[0] =~ /\s$/) {
+ $error = ''.WebGUI::International::get(724);
+ }
+ if ($_[0] eq "") {
+ $error .= ''.WebGUI::International::get(725);
}
+ ($otherUser) = WebGUI::SQL->quickArray("select username from users where username='$_[0]'");
+ if ($otherUser ne "" && $otherUser ne $session{user}{username}) {
+ $error .= ''.WebGUI::International::get(77).' "'.$_[0].'too", "'.$_[0].'2", '
+ .'"'.$_[0].'_'.WebGUI::DateTime::epochToHuman(time(),"%y").'"';
+ }
+ return $error;
}
#-------------------------------------------------------------------
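Review bot: The lookup in `_hasBadUsername` still interpolates the caller's value directly into the SQL text (`where username='$_[0]'`), and both callers touched by this patch (www_createAccountSave and www_updateAccount) pass form input to it, so a quote character in the submitted username alters the query. The file already calls `quote()` when building the identifier clause in www_updateAccount, so, assuming that helper returns the value with its surrounding quotes, the line should read `($otherUser) = WebGUI::SQL->quickArray("select username from users where username=".quote($_[0]));`. The same value is concatenated unescaped into the suggested-username text returned in `$error`. If that string is rendered as HTML it needs encoding first, which this hunk does not show.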
@@ -193,22 +205,14 @@ sub www_createAccount {
#-------------------------------------------------------------------
sub www_createAccountSave {
my ($profile, $u, $username, $uri, $temp, $ldap, $port, %args, $search,
- $connectDN, $auth, $output, $error, $uid,
- $encryptedPassword, $fieldName);
+ $connectDN, $auth, $output, $error, $uid, $encryptedPassword, $fieldName);
if ($session{setting}{authMethod} eq "LDAP" && $session{setting}{usernameBinding}) {
$username = $session{form}{ldapId};
} else {
$username = $session{form}{username};
}
- if (_hasBadUsername($username)) {
- $error = ''.WebGUI::International::get(77);
- $error .= ' "'.$username.'too", ';
- $error .= '"'.$username.'2", ';
- $error .= '"'.$username.'_'.WebGUI::DateTime::epochToHuman(time(),"%y").'"';
- }
- if (_hasBadPassword($session{form}{identifier1},$session{form}{identifier2})) {
- $error .= ''.WebGUI::International::get(78);
- }
+ $error = _hasBadUsername($username);
+ $error .= _hasBadPassword($session{form}{identifier1},$session{form}{identifier2});
if ($session{setting}{authMethod} eq "LDAP") {
$uri = URI->new($session{setting}{ldapURL});
if ($uri->port < 1) {
@@ -533,21 +537,14 @@ sub www_recoverPasswordFinish {
sub www_updateAccount {
my ($output, $error, $encryptedPassword, $passwordStatement, $u);
if ($session{var}{sessionId}) {
- if (_hasBadUsername($session{form}{username})) {
- $error = WebGUI::International::get(77);
- $error .= ' "'.$session{form}{username}.'too", ';
- $error .= '"'.$session{form}{username}.'2", ';
- $error .= '"'.$session{form}{username}.'_'.WebGUI::DateTime::epochToHuman(time(),"%y").'"';
- $error .= '';
- }
if ($session{form}{identifier1} ne "password") {
- if (_hasBadPassword($session{form}{identifier1},$session{form}{identifier2})) {
- $error .= WebGUI::International::get(78).'
';
- } else {
+ $error = _hasBadPassword($session{form}{identifier1},$session{form}{identifier2});
+ unless ($error) {
$encryptedPassword = Digest::MD5::md5_base64($session{form}{identifier1});
$passwordStatement = ', identifier='.quote($encryptedPassword);
}
}
+ $error .= _hasBadUsername($session{form}{username});
if ($error eq "") {
$u = WebGUI::User->new($session{user}{userId});
$encryptedPassword = Digest::MD5::md5_base64($session{form}{identifier1});
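Review bot: A password accepted by the new `unless ($error)` branch is still stored as `Digest::MD5::md5_base64($session{form}{identifier1})`, an unsalted fast digest, so the stricter input rules added in this commit do little to protect stored credentials if the users table is disclosed. Those lines are unchanged context and replacing the scheme needs a migration, so for this commit I would only add a marker above the call: `# TODO: unsalted MD5 is not a password hash; move identifier to a salted, slow hash and rehash at next login`. www_updateAccount continues past the end of the hunk, so how `$passwordStatement` is used afterwards is not visible here.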