There is an option on the Settings page that says: Prevent discovery of usernames through '?/author=N' scans
I thought that ticking this option would prevent that people can check for usernames but this is not true. It may work for /?author=1 but certainly not for the other IDs.
The username can simple be found in the titlebar.
I have deactivated the option and added the right code in the htaccess to prevent access to the author name.