diff --git a/app/server.js b/app/server.js
index d183241..1ab2d04 100755
--- a/app/server.js
+++ b/app/server.js
@@ -156,6 +156,18 @@ app.get('/join/', (req, res) => {
return unauthorized(res);
}
+ const isValidUser = isValidUsername(user);
+ console.log('isValidUser', { user: user, valid: isValidUser });
+ if (!isValidUser) {
+ return unauthorized(res);
+ }
+
+ const isValidCall = isValidUsername(user);
+ console.log('isValidCall', { call: call, valid: isValidCall });
+ if (!isValidCall) {
+ return unauthorized(res);
+ }
+
if (user || (user && call)) {
return res.sendFile(HOME);
}
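Review bot: The second added check calls `isValidUsername(user)` again, so `call` is logged as validated but is never actually tested; it should be `const isValidCall = isValidUsername(call);`. The existing condition below (`user || (user && call)`) suggests `call` may be absent, so the check probably needs to be conditional, e.g. `if (call !== undefined && !isValidUsername(call)) return unauthorized(res);`. Without an explicit guard, `test()` stringifies an absent value to "undefined", which matches the pattern and passes only by accident. The route handler starts and ends outside this hunk, so how `user` and `call` are read from the request should be confirmed there.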
@@ -306,6 +318,19 @@ function handleConnection(socket) {
// Function to handle user sign-in request
function handleSignIn(data) {
const { name } = data;
+
+ const isValidName = isValidUsername(name);
+ console.log('isValidName', { username: name, valid: isValidName });
+ if (!isValidName) {
+ sendMsgTo(socket, {
+ type: 'signIn',
+ success: false,
+ message:
+ 'Invalid username.
Allowed letters, numbers, underscores, periods, hyphens, and @. Length: 3-36 characters.',
+ });
+ return;
+ }
+
if (!users.has(name)) {
users.set(name, socket);
socket.username = name;
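Review bot: `name` is destructured from the client-supplied message and passed to `isValidUsername` with no type check. `RegExp.prototype.test` converts its argument to a string, so a non-string value whose string form matches the pattern passes validation and is then stored as the key in `users.set(name, socket)`. Reject anything that is not a string first: `if (typeof name !== 'string' || !isValidUsername(name)) {`. The body of `handleSignIn` continues past the end of the hunk.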
@@ -377,6 +402,12 @@ function handleConnection(socket) {
}
}
+// Allow letters, numbers, underscores, periods, hyphens, and @. Length: 3-36 characters
+function isValidUsername(username) {
+ const usernamePattern = /^[a-zA-Z0-9_.-@]{3,36}$/;
+ return usernamePattern.test(username);
+}
+
// Function to get all connected users
function getConnectedUsers() {
return Array.from(users.keys());
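Review bot: In the character class `[a-zA-Z0-9_.-@]` the hyphen sits between `.` and `@`, so it is parsed as a range from `.` (0x2E) to `@` (0x40) rather than as three literal characters. That range admits `/`, `:`, `;`, `<`, `=`, `>` and `?`, and it does not include a literal `-`, which contradicts both the comment above the function and the message sent to the client. Put the hyphen last or escape it: `const usernamePattern = /^[a-zA-Z0-9_.@-]{3,36}$/;`. If usernames are ever rendered as HTML by other clients, the stray `<` and `>` are the characters this check presumably exists to keep out.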
diff --git a/package.json b/package.json
index e54aadd..23d923a 100755
--- a/package.json
+++ b/package.json
@@ -1,6 +1,6 @@
{
"name": "call-me",
- "version": "1.0.42",
+ "version": "1.0.43",
"description": "Your Go-To for Instant Video Calls",
"author": "Miroslav Pejic - miroslav.pejic.85@gmail.com",
"license": "AGPLv3",
diff --git a/public/client.js b/public/client.js
index 35d779f..66989d3 100755
--- a/public/client.js
+++ b/public/client.js
@@ -52,7 +52,7 @@ document.addEventListener('DOMContentLoaded', function () {
// Handle config
const elementsToHide = [
{ condition: !app.showGithub, element: githubDiv },
- { condition: !app.attribution, element: attribution }
+ { condition: !app.attribution, element: attribution },
];
elementsToHide.forEach(({ condition, element }) => {
@@ -478,10 +478,12 @@ function handleNotFound(data) {
// Handle sign-in response from the server
function handleSignIn(data) {
- const { success } = data;
+ const { success, message } = data;
if (!success) {
- handleError('Username already in use.
Please try a different one.');
- setTimeout(handleHangUpClick, 3000);
+ handleError(message);
+ if (!message.startsWith('Invalid username')) {
+ setTimeout(handleHangUpClick, 3000);
+ }
} else {
githubDiv.style.display = 'none';
attribution.style.display = 'none';
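Review bot: `message.startsWith(...)` throws a TypeError when a failed sign-in response arrives without a `message`, and the old hard-coded "Username already in use" text is now gone from the client. The server's name-in-use branch is outside this diff, so confirm it sends `message`; otherwise guard the call with `if (!message?.startsWith('Invalid username')) {` and pass `handleError` a fallback string. Deciding whether to hang up by matching the prefix of a human-readable message is brittle; a separate field on the response (for example a reason code) would survive wording changes.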
@@ -670,7 +672,7 @@ function handleLeave() {
}
// Handle and display errors
-function handleError(message, error = false, position = 'center', timer = 4000) {
+function handleError(message, error = false, position = 'center', timer = 6000) {
if (error) console.error(error);
sound('notify');
Swal.fire({