[eluser]Dam1an[/eluser]
I like the idea of using an existing field, something like the email address, which is unique
If you want to fool someone, you could also put a salt field which has content, but serves no purpose, that'll fool them (until they get the source code as well, and see you're login function)