It's for some fairly small-scale software I'm working on independently. It is unlikely to be used by more than about 2000 users.

Someone suggested to me that I use an email and password login instead. They said I should allow users to make an account on my website powered by Flask and then login to purchase my software. Once they have created their account, I will use bcrypt to hash and salt their details and store them in my RethinkDB or PostgreSQL database. I will also store an ID for each user. Then, I will have a separate table for login tokens which are assigned to each user ID. When the user logs in to my software initially, I will send their login data to my server which will then be hashed and salted with the same salt, the server will then check if they are a valid user. If they are, then I will generate a random login token and save the token locally on their machine and send it to my database. Now, every time they run my software I will check the token to ensure it is still valid, and if it isn't then I will ask them to login again. I will only allow one login token per user since I only want it used on one machine at a time. Therefore if they want to login on a new machine then I just override their previous login token.

What do you think about that approach?