diff --git a/server/mergin/auth/models.py b/server/mergin/auth/models.py index b57631cb..b54336ce 100644 --- a/server/mergin/auth/models.py +++ b/server/mergin/auth/models.py @@ -12,7 +12,7 @@ from ..app import db from ..sync.models import ProjectUser -from ..sync.utils import get_user_agent, get_ip, get_device_id +from ..sync.utils import get_user_agent, get_ip, get_device_id, is_reserved_word class User(db.Model): @@ -200,7 +200,9 @@ def generate_username(cls, email: str) -> Optional[str]: # remove forbidden chars username = re.sub( r"[\@\#\$\%\^\&\*\(\)\{\}\[\]\?\'\"`,;\:\+\=\~\\\/\|\<\>]", "", username - ) + ).ljust(4, "0") + # additional check for reserved words + username = f"{username}0" if is_reserved_word(username) else username # check if we already do not have existing usernames suffix = db.session.execute( text( diff --git a/server/mergin/tests/test_auth.py b/server/mergin/tests/test_auth.py index fcd98d8b..ee2dc725 100644 --- a/server/mergin/tests/test_auth.py +++ b/server/mergin/tests/test_auth.py @@ -844,6 +844,14 @@ def test_username_generation(client): # generate username from email containing invalid chars for username, e.g. + assert User.generate_username("tralala+test@example.com") == "tralalatest" + # generate username from short email + user = add_user("t000", "user") + assert User.generate_username("t@example.com") == "t0001" + assert User.generate_username("t11@example.com") == "t110" + + user = add_user("support1", "user") + assert User.generate_username("support@example.com") == "support0" + def test_server_usage(client): """Test server usage endpoint"""
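Review bot: The reserved-word guard added to `generate_username` runs once on the padded name, and the value finally returned is never re-validated: nothing checks the result of `f"{username}0"`, or of the uniqueness suffix computed just below, against `is_reserved_word` again. Whether that matters depends on what `is_reserved_word` matches (exact words only, case-sensitive or not), which this hunk does not show; if it is exact-match, names such as `support0` remain close look-alikes of the reserved account, so it is worth deciding whether that is acceptable for auto-generated usernames. The literal `4` in `.ljust(4, "0")` also needs a short comment, e.g. `# pad to the minimum allowed username length`, if that is what it mirrors. The function body starts and ends outside the hunk, so any earlier lower-casing of the local part cannot be confirmed from here.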
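Review bot: The assertions added to `test_username_generation` cover padding and one reserved word, but not the interactions this change introduces. Only `support1` is pre-created, so `support0` is free and the test never exercises the reserved-word fallback colliding with an existing user. Calling `add_user("support0", "user")` followed by a second `User.generate_username("support@example.com")` would pin how the fallback and the uniqueness suffix combine. A reserved word in different case and a local part that is empty after the forbidden characters are stripped are also untested. The two `user = add_user(...)` assignments are never read and can be plain calls.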