thanks, using existing data that clients already have is exactly what I'm trying to do. what do you think about using IP addresses? is that insecure too? I mean can a client manually change their IP or is there any possibility of duplicated IPs among clients in the same time?