diff --git a/include/bank.h b/include/bank.h
index d5abb8f..16de272 100644
--- a/include/bank.h
+++ b/include/bank.h
@@ -10,6 +10,8 @@
 #include "change_flag.h"
 #endif
+bool ValidUsername(const std::string &name) noexcept;
+
 class Bank
 {
 #if MULTI_THREADED
diff --git a/src/bank.cpp b/src/bank.cpp
index 1de7e5b..46ba0eb 100644
--- a/src/bank.cpp
+++ b/src/bank.cpp
@@ -2,7 +2,7 @@
 using namespace drogon;
-INLINE bool ValidUsrname(const std::string &name) noexcept
+bool ValidUsername(const std::string &name) noexcept
 {
 if (name.size() < min_name_size || name.size() > max_name_size)
 {
@@ -211,7 +211,7 @@ bool Bank::AdminVerifyAccount(const std::string &name) noexcept
 }
 BankResponse Bank::AddUser(const std::string &name, uint32_t init_bal, std::string &&init_pass) noexcept
 {
- if (!ValidUsrname(name))
+ if (!ValidUsername(name))
 {
 return {k400BadRequest, "\"Invalid Name, breaks size and/or character restrictions\""};
 }
diff --git a/src/user_filter.cpp b/src/user_filter.cpp
index 590f201..e900e6d 100644
--- a/src/user_filter.cpp
+++ b/src/user_filter.cpp
@@ -61,34 +61,37 @@ void UserFilter::doFilter(const HttpRequestPtr &re
 std::string_view results_view(result_buffer, new_sz);
 std::size_t middle = results_view.find(':');
- if (middle != std::string::npos)
+ if (middle != std::string::npos && ((new_sz - middle) <= 256))
 {
 StrFromSV_Wrapper username(results_view.substr(0, middle));
- if constexpr (require_admin)
+ if (ValidUsername(username.str)) //check if username is a valid attempt to avoid hashing/grabbing shared lock
 {
- if (bank.AdminVerifyAccount(username.str))
+ if constexpr (require_admin)
+ {
+ if (bank.AdminVerifyAccount(username.str))
+ {
+ StrFromSV_Wrapper password(results_view.substr(middle + 1));
+ if (bank.VerifyPassword(username.str, password.str))
+ {
+ fccb();
+ return;
+ }
+ }
+ }
+ else
 {
 StrFromSV_Wrapper password(results_view.substr(middle + 1));
- if (bank.VerifyPassword(username.str, password.str))
+ if (bank.VerifyPassword(username.str, results_view.substr(middle + 1)))
 {
+ if constexpr (set_body_flag)
+ {
+ req->setParameter("name", username.str);
+ }
 fccb();
 return;
 }
 }
 }
- else
- {
- StrFromSV_Wrapper password(results_view.substr(middle + 1));
- if (bank.VerifyPassword(username.str, results_view.substr(middle + 1)))
- {
- if constexpr (set_body_flag)
- {
- req->setParameter("name", username.str);
- }
- fccb();
- return;
- }
- }
 }
 }
 }
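Review bot: The `StrFromSV_Wrapper password(results_view.substr(middle + 1));` local in the `else` (non-admin) branch is never read, because `VerifyPassword` there is given `results_view.substr(middle + 1)` directly. If the wrapper copies the view (its definition is not visible here), that is one extra plaintext copy of the credential per request, and the line can simply be dropped. The new guard `(new_sz - middle) <= 256` also counts the ':' separator, so the password is effectively capped at 255 bytes. I would replace the literal with a named constant kept next to `min_name_size`/`max_name_size`, e.g. `(new_sz - middle - 1) <= max_password_size` (placeholder name), so the limit is stated once and can be audited. doFilter begins above this hunk, so how `new_sz` and `result_buffer` are bounded before this point cannot be checked from here.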