diff --git a/yadc/bp/auth.py b/yadc/bp/auth.py
index 8937ad1..a28a47a 100644
--- a/yadc/bp/auth.py
+++ b/yadc/bp/auth.py
@@ -45,6 +45,8 @@ def reset_password():
 
     form = ResetPasswordPassForm(request.form)
     if request.method == 'POST' and form.validate():
+        user.create_password(form.password.data)
+
         flash('Password successfully reset.') # for real
         return redirect(url_for('.login'))
 
diff --git a/yadc/forms.py b/yadc/forms.py
index ae8f4b6..8dc284b 100644
--- a/yadc/forms.py
+++ b/yadc/forms.py
@@ -38,7 +38,7 @@ class ResetPasswordPassForm(ResetPasswordForm):
     really = BooleanField('I swear this really is my account and am not trying to steal anybody elses.', validators=[DataRequired()])
 
 class RegisterForm(CSRFForm):
-    username = StringField('Username', validators=[DataRequired()], render_kw=dict(placeholder="Username"))
+    username = StringField('Username', validators=[DataRequired(), Regexp('^[a-zA-Z0-9\-\_\$\#]+$', message="Only letters, numbers and few special characters are supported.")], render_kw=dict(placeholder="Username"))
     email = StringField('Email', validators=[DataRequired(), Email()], render_kw=dict(placeholder="Email"))
     password = PasswordField('Password', validators=[DataRequired()], render_kw=dict(placeholder="Password"))
     password_again = PasswordField('Repeat password', validators=[DataRequired(), EqualTo('password')], render_kw=dict(placeholder="Repeat password"))