
Building Authentication Without Collecting Any Personal Data
What If Your Auth System Collected Zero Personal Data?

Traditional authentication has a common pattern: it requires you to collect personal information before you can verify identity. Email. Phone number. Password. All of it ends up in a database, and databases get breached. But there's a different model — one borrowed from cryptocurrency wallets — where the server stores nothing that can be traced back to a real person. Let's build it.

The Core Idea

Instead of email + password, the user gets a 12-word seed phrase. From that phrase, we derive a cryptographic key pair. The public key becomes their anonymous identity on the server. The private key and the raw mnemonic never leave the browser.

Login doesn't ask for the full phrase either. It challenges the user to provide 3 randomly chosen words — which are hashed client-side before comparison. The server only ever sees hashes.

Here's what the server ends up storing:

{ "username": "a1b2c3d4", "publicKey": "8f7a9b2c1d3e4f5a...", "mnem