Just another perspective: I routinely do not use Web-based systems which will not allow me to use my email address as a username, and if I care about the security at all, a complex password containing various symbols, letters, and numbers.

If you're going to ask a user to remember something in order to use your site, you should let them put in anything that's easy for them to remember and they feel is secure, and make sure your system deals with weirdness appropriately (for example by appropriately escaping parts that may be confusing to a Web browser or a database).

In other words, my advice is: do more work coding so your users can be lazy, instead of being lazy so your customers have to do more work remembering.