diff --git a/ee/tabby-schema/src/schema/auth.rs b/ee/tabby-schema/src/schema/auth.rs
index 7a3c7f64b81f..9e2b23aa1487 100644
--- a/ee/tabby-schema/src/schema/auth.rs
+++ b/ee/tabby-schema/src/schema/auth.rs
@@ -279,6 +279,26 @@ pub struct PasswordChangeInput {
     pub new_password2: String,
 }
 
+#[derive(Validate)]
+pub struct UpdateUserNameInput {
+    #[validate(length(
+        min = 2,
+        code = "username",
+        message = "Username must be at least 2 characters"
+    ))]
+    #[validate(length(
+        max = 20,
+        code = "username",
+        message = "Username must be at most 20 characters"
+    ))]
+    #[validate(regex(
+        code = "username",
+        path = "crate::schema::constants::USERNAME_REGEX",
+        message = "Invalid username, only alphanumeric characters, _ and - are allowed"
+    ))]
+    pub name: String,
+}
+
 #[derive(Debug, Serialize, Deserialize, GraphQLObject)]
 #[graphql(context = Context)]
 pub struct Invitation {
diff --git a/ee/tabby-schema/src/schema/constants.rs b/ee/tabby-schema/src/schema/constants.rs
index 7a0cffcc91a3..4eabd3dd1a13 100644
--- a/ee/tabby-schema/src/schema/constants.rs
+++ b/ee/tabby-schema/src/schema/constants.rs
@@ -3,4 +3,5 @@ use regex::Regex;
 
 lazy_static! {
     pub static ref REPOSITORY_NAME_REGEX: Regex = Regex::new("^[a-zA-Z][\\w.-]+$").unwrap();
+    pub static ref USERNAME_REGEX: Regex = Regex::new("^[a-zA-Z0-9_-]+$").unwrap();
 }
diff --git a/ee/tabby-schema/src/schema/mod.rs b/ee/tabby-schema/src/schema/mod.rs
index 3829a5ec3548..dec90a13bdd7 100644
--- a/ee/tabby-schema/src/schema/mod.rs
+++ b/ee/tabby-schema/src/schema/mod.rs
@@ -623,7 +623,9 @@ impl Mutation {
                 "You cannot change another user's name",
             ));
         }
-        ctx.locator.auth().update_user_name(&id, name).await?;
+        let input = auth::UpdateUserNameInput { name };
+        input.validate()?;
+        ctx.locator.auth().update_user_name(&id, input.name).await?;
         Ok(true)
     }
 
diff --git a/ee/tabby-webserver/src/service/auth.rs b/ee/tabby-webserver/src/service/auth.rs
index fdaa8e66ec2e..ebb76883b79d 100644
--- a/ee/tabby-webserver/src/service/auth.rs
+++ b/ee/tabby-webserver/src/service/auth.rs
@@ -223,9 +223,6 @@ impl AuthenticationService for AuthenticationServiceImpl {
         if is_demo_mode() {
             bail!("Changing profile data is disabled in demo mode");
         }
-        if name.is_empty() || name.len() > 100 {
-            bail!("Name must be between 1 and 10 characters");
-        }
         let id = id.as_rowid()?;
         self.db.update_user_name(id, name).await?;
         Ok(())