Single Responsibility principle VS KISS principle

Question

Let's assume the modeling of User model in a context of a social network.

User concept is composed of two notions:

• Authentication elements like userName/Password/Email etc...
• Extra data information sometimes called "User profile" like firstName, birthday, pictures etc..

At first glance, this analysis involves separation of tasks/responsibilities if we want to keep SRP.

However, typically in the case of a social network, userName may be seen as a pure information belonging to a user's profile rather than a pure element of authentication.

Thus, there is three ways, according to me, to model the User concept.

First, the whole in one class:
User (userName, password, email, firstName, birthday, picture etc...)

Second, a one-to-one relationship between User and UserProfile:
User(userName, password, email) UserProfile(firstName, birthday, picture etc...)

Third, a one-to-one but with a redundancy of the common fields (being as focused on authentication as a visible user information on the website):
User(userName, password, email)
UserProfile(userName, firstName, birthday, picture etc...)

Why repetition here? Of course for consitency and at the same time to avoid joins in cases of relational database when one want to retrieve each Use's profile data.

What is a good practice to model these both concepts? Where should I place userName field?

Dilemma being: keeping KISS (Keep it simple stupid!) or SRP ;)