A frictionless authentication system that identifies users by name + device fingerprint — no signup, no login, no passwords required. Best suited for websites with chat or any lightweight user interaction.
No signup. No login. No passwords. Just recognition.
Users enter only their name. The system collects a device fingerprint via FingerprintJS and generates a Session UUID stored in localStorage to silently recognize them on return visits.
- User enters their name
- Frontend collects a device fingerprint via FingerprintJS
- Backend generates a Session UUID
- Records stored in three collections:
Users
| Field | Description |
|---|---|
| UserId | Unique identifier for the user |
| NameHash | Hashed user name |
| CreatedAt | Account creation timestamp |
Devices
| Field | Description |
|---|---|
| DeviceId | Unique identifier for the device |
| UserId | Linked user |
| FingerprintHash | Hashed device fingerprint |
| UserAgent | Browser information |
| FirstSeen | First time the device was detected |
Sessions
| Field | Description |
|---|---|
| SessionUUID | Unique session identifier |
| DeviceId | Linked device |
| CreatedAt | Session creation time |
| LastSeen | Last activity timestamp |
- UUID saved in `localStorage`, used for all future visits
- UUID found in `localStorage` → session verified → user continues normally
- UUID missing → proceed to recovery flow below
- Backend compares current device fingerprint against stored devices
- Similarity score calculated (80% threshold)
- If score ≥ 80% → user asked to enter their name → name hash compared
- Match found → new UUID generated and stored (old UUIDs are NOT deleted)
- Score < 80% → treated as a new user
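The recovery decision above, sketched as an added example (not code from this repository): score the current fingerprint against stored devices, apply the 80% threshold, then check the name hash. It assumes fingerprint components are hashed one by one so that a score can be computed, uses Node's built-in scrypt as a stand-in for bcrypt, and the names `hashComponents`, `similarity`, `hashName` and `recoverSession` are hypothetical.

```javascript
const crypto = require('node:crypto');

const THRESHOLD = 0.8; // the page's 80% similarity threshold

// Assumption: each fingerprint component is hashed separately, because a single
// hash of the whole fingerprint can only match exactly and gives no score.
const hashComponents = (components) => Object.fromEntries(
  Object.entries(components).map(([key, value]) =>
    [key, crypto.createHash('sha256').update(JSON.stringify(value)).digest('hex')]));

// Fraction of components, over the union of keys, whose hashes are identical.
function similarity(stored, current) {
  const keys = new Set([...Object.keys(stored), ...Object.keys(current)]);
  let same = 0;
  for (const key of keys) if (stored[key] && stored[key] === current[key]) same++;
  return keys.size ? same / keys.size : 0;
}

// Salted name hash; scrypt stands in for bcrypt, and trimming/lowercasing the
// name before hashing is an assumption of this example.
function hashName(name, salt = crypto.randomBytes(16)) {
  return { salt, hash: crypto.scryptSync(name.trim().toLowerCase(), salt, 32) };
}

// Recovery flow: best device at or above the threshold, then the name check.
function recoverSession(users, devices, currentComponents, name) {
  const current = hashComponents(currentComponents);
  let best = null;
  for (const device of devices) {
    const score = similarity(device.componentHashes, current);
    if (score >= THRESHOLD && (!best || score > best.score)) best = { device, score };
  }
  if (!best) return { outcome: 'new-user' };
  const user = users.find((u) => u.userId === best.device.userId);
  const candidate = hashName(name, user.nameHash.salt).hash;
  if (!crypto.timingSafeEqual(candidate, user.nameHash.hash)) {
    return { outcome: 'name-mismatch', score: best.score }; // handling is an assumption
  }
  return { outcome: 'recovered', userId: user.userId, score: best.score,
           sessionUUID: crypto.randomUUID() }; // old UUIDs are left in place
}

// Constructed sample data: one user, one device with ten components.
const base = { canvas: 'c1', audio: 'a1', fonts: ['Arial'], tz: 'UTC', lang: 'en',
               platform: 'Linux', screen: '1920x1080', cores: 8, memory: 8, touch: 0 };
const users = [{ userId: 'u1', nameHash: hashName('Zuhran') }];
const devices = [{ deviceId: 'd1', userId: 'u1', componentHashes: hashComponents(base) }];
```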
Fingerprint + name match an existing user → new session UUID created and linked to the same UserId.
| Device | Browser | Session UUID |
|---|---|---|
| Desktop | Chrome | UUID-1 |
| Desktop | Firefox | UUID-2 |
| Mobile | Safari | UUID-3 |
All sessions are linked to the same UserId.
For manual recovery across unrecognized devices:
- Short human-readable code (e.g., `ZUHRAN-4912`)
- Stored in the database, linked to `UserId` and session
- Entering the code restores access and links the current device
| Scenario | Behavior |
|---|---|
| Cookie cleared | Fingerprint match → ask name → generate new UUID |
| Mobile / new device | Fingerprint + name → new session linked to existing user |
| Two browsers, same device | Each browser gets its own UUID |
| Recovery code entered | Restores previous sessions |
| Fingerprint slightly changed | 70–80% similarity → ask for name |
| Two users with the same name | Fingerprint used as primary identifier |
| Incognito / private browsing | Treated as a new device → new UUID |
- Frontend: React + Vite
- Backend: Node.js + Express
- Database: MongoDB (Mongoose)
- Fingerprinting: FingerprintJS
- Hashing: bcrypt
- Node.js
- MongoDB
- Clone the repo:
```bash
git clone https://github.com/Zuhran110/softAuthentication.git
cd softAuthentication
```
- Install dependencies:
```bash
cd server && npm install
cd ../client && npm install
```
- Configure environment variables:
Copy the `.env.example` files in both `server/` and `client/` and fill in your values:
`server/.env`
```
MONGO_URI=your_mongodb_connection_string
PORT=5000
```
`client/.env`
```
VITE_BACKEND_URL=http://localhost:5000
```
- Run the app:
```bash
# In /server
npm run dev
# In /client
npm run dev
```
- This is not a replacement for traditional authentication. Do not use it for apps handling sensitive data like payments, health info, or private messages.
- Device fingerprinting may fall under GDPR and similar privacy regulations. Ensure compliance if deploying for users in the EU/UK.
- Fingerprints can drift over time due to browser updates, extensions, or OS changes. The similarity threshold helps but isn't foolproof.
Issues and PRs are welcome. If you have ideas for improvements or find bugs, feel free to open an issue.

