You could just make min(len(secret_username)) = 1 + min(len(username)) + min(len(password))... if that's what you wanted.

Not all systems need to have the same level of security though, nor do they all need to assume their users are ignorant.