For something really basic a simple hash like "username+my_secret" does the trick and is easy to check with nothing stored on the server side. I however have always created a uuid for each new device login and store in DB so the user can see a list of all devices used to login.