3

Why do some sites recommend "letters, numbers, and special characters" in a username or User ID?

When creating a User ID at the www.discovercard.com website, the "User ID Strength" indicator meter bar indicates that a User ID is "weak" unless it includes letters, numbers, and special characters.

(It looks similar to the "password strength" indicator bar I see when I change my password).

David Cary
  • I'd speculate they are treating userid like a second factor. Provided it's not revealed to an attacker, the attacker has to guess both your userid and password, thus strengthening auth vs a password alone. – Jeff-Inventor ChromeOS Aug 15 '14 at 19:33
  • Some user IDs are better off being private and unguessable - for example I might not want others to know an email user ID that I use (to reduce spam). – user2813274 Sep 22 '14 at 21:35

1 Answer

9

User IDs are not nominally secret values; that's why we call them "user ID" and not "passwords", and why graphical interfaces for entering them don't hide the characters. However, creative designers sometimes imagine that user IDs are some kind of secret, which leads to situations like what you witness: a site that tries to enforce on the user ID some "complexity rules" normally applied to passwords.

In practice, user IDs chosen by users are not very secret, because:

  • Interfaces and protocols may leak user IDs in various places.

  • Users don't consider them secret and thus will not try to make them unguessable.

  • Even when users try to make things hard to guess (passwords), they usually fail.

However, lack of rationality has never prevented any enthusiastic developer from adding features.


Arguably, insistence on including "special characters" in strings is not proven to really make these strings harder to guess. Such so-called complexity rules are meant to force users out of their comfort zone (it works: users are much less happy), under the rather specious assumption that an irate or depressed user will somehow choose passwords which are harder to guess.

Thomas Pornin
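The following is an added example, not part of the answer above and not any site's actual meter code. It puts a "letters, numbers, and special characters" meter next to a check that undoes the predictable edits users make to satisfy such rules; the word list, substitution table and sample IDs are constructed for illustration.

```javascript
// Composition meter of the kind the question describes:
// one point per character class present (letters, digits, specials).
function compositionMeter(id) {
  const classes = [/[a-z]/i, /[0-9]/, /[^a-z0-9]/i];
  const score = classes.filter((re) => re.test(id)).length;
  return ["weak", "weak", "medium", "strong"][score];
}

// Constructed list of base words an ID is commonly built from
// (names, the site name, a keyboard run, a role name).
const COMMON_BASES = new Set(["john", "smith", "johnsmith", "discover", "qwerty", "admin"]);

// Constructed substitution table for common look-alike characters.
const LEET = { "0": "o", "1": "i", "3": "e", "4": "a", "5": "s", "7": "t", "@": "a", "$": "s" };

// Undo the usual rule-satisfying edits: appended digits/symbols,
// look-alike substitutions, and separators such as "." or "_".
function normalize(id) {
  return id
    .toLowerCase()
    .replace(/[^a-z]+$/, "")                 // drop the appended suffix
    .replace(/[013457@$]/g, (c) => LEET[c])  // reverse substitutions
    .replace(/[^a-z]/g, "");                 // drop remaining separators
}

// Report the meter's verdict beside whether the ID reduces to a common base.
function assess(id) {
  return {
    id,
    meter: compositionMeter(id),
    derivedFromCommonBase: COMMON_BASES.has(normalize(id)),
  };
}

// Constructed sample IDs.
const samples = ["john.smith1!", "Qw3rty#2014", "@dmin_99", "vq7#kz2m", "korvath"];
for (const s of samples) console.log(assess(s));
```

The first three samples score "strong" on the meter yet reduce to an entry in the base list, while "korvath" scores "weak" without matching any entry: the meter measures character classes, not how far the string is from a predictable starting point.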