diff --git a/modules/user/user.module b/modules/user/user.module
index b239799..5c2624a 100644
--- a/modules/user/user.module
+++ b/modules/user/user.module
@@ -2461,7 +2461,7 @@ function _user_cancel($edit, $account, $method) {
         _user_mail_notify('status_blocked', $account);
       }
       user_save($account, array('status' => 0));
-      drupal_set_message(t('%name has been disabled.', array('%name' => $account->name)));
+      drupal_set_message(t('%name has been disabled.', array('%name' => format_username($account))));
       watchdog('user', 'Blocked user: %name %email.', array('%name' => $account->name, '%email' => '<' . $account->mail . '>'), WATCHDOG_NOTICE);
       break;
 
@@ -2472,7 +2472,7 @@ function _user_cancel($edit, $account, $method) {
         _user_mail_notify('status_canceled', $account);
       }
       user_delete($account->uid);
-      drupal_set_message(t('%name has been deleted.', array('%name' => $account->name)));
+      drupal_set_message(t('%name has been deleted.', array('%name' => format_username($account))));
       watchdog('user', 'Deleted user: %name %email.', array('%name' => $account->name, '%email' => '<' . $account->mail . '>'), WATCHDOG_NOTICE);
       break;
   }
@@ -3291,14 +3291,14 @@ function user_multiple_cancel_confirm($form, &$form_state) {
       '#type' => 'hidden',
       '#value' => $uid,
       '#prefix' => '<li>',
-      '#suffix' => check_plain($account->name) . "</li>\n",
+      '#suffix' => check_plain(format_username($account)) . "</li>\n",
     );
   }
 
   // Output a notice that user 1 cannot be canceled.
   if (isset($accounts[1])) {
     $redirect = (count($accounts) == 1);
-    $message = t('The user account %name cannot be cancelled.', array('%name' => $accounts[1]->name));
+    $message = t('The user account %name cannot be cancelled.', array('%name' => format_username($accounts[1])));
     drupal_set_message($message, $redirect ? 'error' : 'warning');
     // If only user 1 was selected, redirect to the overview.
     if ($redirect) {
@@ -3878,7 +3878,7 @@ function user_register_submit($form, &$form_state) {
   // New administrative account without notification.
   $uri = entity_uri('user', $account);
   if ($admin && !$notify) {
-    drupal_set_message(t('Created a new user account for <a href="@url">%name</a>. No e-mail has been sent.', array('@url' => url($uri['path'], $uri['options']), '%name' => $account->name)));
+    drupal_set_message(t('Created a new user account for <a href="@url">%name</a>. No e-mail has been sent.', array('@url' => url($uri['path'], $uri['options']), '%name' => format_username($account))));
   }
   // No e-mail verification required; log in user immediately.
   elseif (!$admin && !variable_get('user_email_verification', TRUE) && $account->status) {
@@ -3893,7 +3893,7 @@ function user_register_submit($form, &$form_state) {
     $op = $notify ? 'register_admin_created' : 'register_no_approval_required';
     _user_mail_notify($op, $account);
     if ($notify) {
-      drupal_set_message(t('A welcome message with further instructions has been e-mailed to the new user <a href="@url">%name</a>.', array('@url' => url($uri['path'], $uri['options']), '%name' => $account->name)));
+      drupal_set_message(t('A welcome message with further instructions has been e-mailed to the new user <a href="@url">%name</a>.', array('@url' => url($uri['path'], $uri['options']), '%name' => format_username($account))));
     }
     else {
       drupal_set_message(t('A welcome message with further instructions has been sent to your e-mail address.'));
diff --git a/modules/user/user.pages.inc b/modules/user/user.pages.inc
index 8ec2348..f333063 100644
--- a/modules/user/user.pages.inc
+++ b/modules/user/user.pages.inc
@@ -98,14 +98,14 @@ function user_pass_reset($form, &$form_state, $uid, $timestamp, $hashed_pass, $a
   if ($user->uid) {
     // The existing user is already logged in.
     if ($user->uid == $uid) {
-      drupal_set_message(t('You are logged in as %user. <a href="!user_edit">Change your password.</a>', array('%user' => $user->name, '!user_edit' => url("user/$user->uid/edit"))));
+      drupal_set_message(t('You are logged in as %user. <a href="!user_edit">Change your password.</a>', array('%user' => format_username($user), '!user_edit' => url("user/$user->uid/edit"))));
     }
     // A different user is already logged in on the computer.
     else {
       $reset_link_account = user_load($uid);
       if (!empty($reset_link_account)) {
         drupal_set_message(t('Another user (%other_user) is already logged into the site on this computer, but you tried to use a one-time link for user %resetting_user. Please <a href="!logout">logout</a> and try using the link again.',
-          array('%other_user' => $user->name, '%resetting_user' => $reset_link_account->name, '!logout' => url('user/logout'))));
+          array('%other_user' => format_username($user), '%resetting_user' => format_username($reset_link_account), '!logout' => url('user/logout'))));
       } else {
         // Invalid one-time link specifies an unknown user.
         drupal_set_message(t('The one-time login link you clicked is invalid.'));
@@ -142,7 +142,13 @@ function user_pass_reset($form, &$form_state, $uid, $timestamp, $hashed_pass, $a
           drupal_goto('user/' . $user->uid . '/edit', array('query' => array('pass-reset-token' => $token)));
         }
         else {
-          $form['message'] = array('#markup' => t('<p>This is a one-time login for %user_name and will expire on %expiration_date.</p><p>Click on this button to log in to the site and change your password.</p>', array('%user_name' => $account->name, '%expiration_date' => format_date($timestamp + $timeout))));
+          if (!$account->login) {
+            // No expiration for first time login.
+            $form['message'] = array('#markup' => t('<p>This is a one-time login for %user_name.</p><p>Click on this button to log in to the site and change your password.</p>', array('%user_name' => format_username($account))));
+          }
+          else {
+            $form['message'] = array('#markup' => t('<p>This is a one-time login for %user_name and will expire on %expiration_date.</p><p>Click on this button to log in to the site and change your password.</p>', array('%user_name' => format_username($account), '%expiration_date' => format_date($timestamp + $timeout))));
+          }
           $form['help'] = array('#markup' => '<p>' . t('This login can be used only once.') . '</p>');
           $form['actions'] = array('#type' => 'actions');
           $form['actions']['submit'] = array('#type' => 'submit', '#value' => t('Log in'));
@@ -395,7 +401,7 @@ function user_cancel_confirm_form($form, &$form_state, $account) {
     $question = t('Are you sure you want to cancel your account?');
   }
   else {
-    $question = t('Are you sure you want to cancel the account %name?', array('%name' => $account->name));
+    $question = t('Are you sure you want to cancel the account %name?', array('%name' => format_username($account)));
   }
   $description = '';
   if ($can_select_method) {