Aetna's username policy requires a number. In the username. On the other hand, they authenticate using the same "security questions" everyone else uses. So if your account is cracked somewhere, the crooks can use your past "security" answers to get your Aetna account too -- even if they don't know your "secret" "username".
Confusing the username with the password. That's rich. Aetna wins this month's stupid security policy prize.