diff --git a/docs/admin.rst b/docs/admin.rst
index 47dd88f5c8b..fe3c166e8a6 100644
--- a/docs/admin.rst
+++ b/docs/admin.rst
@@ -134,7 +134,7 @@ whether they will be using FreeOTP or a YubiKey for two-factor authentication.
 .. note::
 We don't allow the username **deleted** as we use it to mark the
- journalist which are deleted from the system.
+ journalists which are deleted from the system.
 FreeOTP
 ^^^^^^^
diff --git a/securedrop/journalist_app/forms.py b/securedrop/journalist_app/forms.py
index 072064d742a..3c048a9ff3b 100644
--- a/securedrop/journalist_app/forms.py
+++ b/securedrop/journalist_app/forms.py
@@ -38,10 +38,9 @@ def name_length_validation(form, field):
 def check_invalid_usernames(form, field):
- invalid_usernames = ['deleted']
- if field.data in invalid_usernames:
+ if field.data in Journalist.INVALID_USERNAMES:
 raise ValidationError(gettext(
- "Invalid username '{}'".format(field.data)))
+ "Invalid username"))
 class NewUserForm(FlaskForm):
diff --git a/securedrop/models.py b/securedrop/models.py
index 097b93ab0a9..00dfc2d0b1e 100644
--- a/securedrop/models.py
+++ b/securedrop/models.py
@@ -414,6 +414,7 @@ class Journalist(db.Model):
 MIN_USERNAME_LEN = 3
 MIN_NAME_LEN = 0
 MAX_NAME_LEN = 100
+ INVALID_USERNAMES = ['deleted']
 def __init__(self,
 username: str,
@@ -642,17 +643,16 @@ def login(cls,
 password: str,
 token: str) -> 'Journalist':
- invalid_usernames = ['deleted']
-
 try:
 user = Journalist.query.filter_by(username=username).one()
 except NoResultFound:
 raise InvalidUsernameException(
 "invalid username '{}'".format(username))
- if user.username in invalid_usernames and user.uuid in invalid_usernames:
+ if user.username in Journalist.INVALID_USERNAMES and \
+ user.uuid in Journalist.INVALID_USERNAMES:
 raise InvalidUsernameException(
- "Invalid username '{}'".format(username))
+ "Invalid username")
 if LOGIN_HARDENING:
 cls.throttle_login(user)
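Review bot: The membership test in `check_invalid_usernames` is an exact, case-sensitive match, so a value such as `Deleted` or one padded with whitespace is not rejected by `field.data in Journalist.INVALID_USERNAMES`. Whether that matters depends on how usernames are normalised before they are stored, which this hunk does not show; if they are stored as typed, comparing a normalised value would be safer, e.g. `if (field.data or '').strip().lower() in Journalist.INVALID_USERNAMES:`. The validator also has no docstring, and a one-line `"""Reject usernames reserved for internal use (see Journalist.INVALID_USERNAMES)."""` would record why the check exists. No import is added in this file, so `Journalist` is presumably already imported in forms.py.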
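Review bot: `INVALID_USERNAMES` is declared as a mutable list on the class, so any code that can reach `Journalist` can append to it or clear it at runtime and silently change what both the form validator and `login` reject. An immutable container states the intent at no cost: `INVALID_USERNAMES = ('deleted',)`, or a `frozenset`. A short comment above it, such as `# Usernames reserved for internal use; 'deleted' marks journalists removed from the system`, would also explain the value to the next reader. The class body continues outside the hunk.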
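Review bot: The `NoResultFound` branch just above the changed lines still builds its message with `"invalid username '{}'".format(username)`, so the submitted value is still interpolated into one of the two `InvalidUsernameException` messages while this commit removes it from the other. If the exception text reaches a log or the response, that leaves caller-controlled text in the output and makes the unknown-user and reserved-user cases distinguishable; raising the same constant `InvalidUsernameException("Invalid username")` in both branches would avoid both. Separately, the reserved check only fires when both `user.username` and `user.uuid` are in `Journalist.INVALID_USERNAMES`, so an account named `deleted` with an ordinary UUID is not refused here; if that is deliberate, a comment saying so would help. `login` starts and ends outside the hunk.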
diff --git a/securedrop/tests/functional/journalist_navigation_steps.py b/securedrop/tests/functional/journalist_navigation_steps.py
index 484a6247fc1..aaad7540e96 100644
--- a/securedrop/tests/functional/journalist_navigation_steps.py
+++ b/securedrop/tests/functional/journalist_navigation_steps.py
@@ -341,7 +341,7 @@ def _admin_adds_a_user_with_invalid_username(self):
 self.wait_for(lambda: self.driver.find_element_by_css_selector(".form-validation-error"))
 error_msg = self.driver.find_element_by_css_selector(".form-validation-error")
- assert "Invalid username '{}'".format(invalid_username) in error_msg.text
+ assert "Invalid username" in error_msg.text
 def _admin_adds_a_user(self, is_admin=False, new_username=""):
 self.safe_click_by_id("add-user")
diff --git a/securedrop/tests/test_journalist.py b/securedrop/tests/test_journalist.py
index 37aae592f3e..bba4fee4b90 100644
--- a/securedrop/tests/test_journalist.py
+++ b/securedrop/tests/test_journalist.py
@@ -1089,7 +1089,7 @@ def test_admin_add_user_with_invalid_username(journalist_app, test_admin):
 password=VALID_PASSWORD,
 is_admin=None))
- assert "Invalid username '{}'".format(username) in resp.data.decode('utf-8')
+ assert "Invalid username" in resp.data.decode('utf-8')
 def test_deleted_user_cannot_login(journalist_app):
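Review bot: The relaxed assertion `"Invalid username" in error_msg.text` also passes against the old interpolated message, so it no longer pins the behaviour this commit introduces, namely that the rejected value is not echoed in the validation error. Adding `assert invalid_username not in error_msg.text` after it would catch a regression, assuming `invalid_username` (set outside the hunk) does not occur in the error text for another reason. The same loosening is made in `test_admin_add_user_with_invalid_username` in tests/test_journalist.py, but that check runs against the whole response body, where the re-rendered form may legitimately contain the username, so a negative assertion there would need to target the error element only.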