diff --git a/flake.nix b/flake.nix
index 6820a1f..c41a731 100644
--- a/flake.nix
+++ b/flake.nix
@@ -142,8 +142,6 @@
             Environment = [
               "RUST_LOG=info"
               "SSL_CERT_FILE=${pkgs.cacert}/etc/ssl/certs/ca-bundle.crt"
-              "TAPO_USERNAME=mechemjack@gmail.com"
-              "TAPO_PASSWORD=Jackkcaj123$"
             ];
             AmbientCapabilities = [ "CAP_DAC_READ_SEARCH" ];
             CapabilityBoundingSet = [ "CAP_DAC_READ_SEARCH" ];
diff --git a/src/auth.rs b/src/auth.rs
index 27ec49d..3fb190f 100644
--- a/src/auth.rs
+++ b/src/auth.rs
@@ -244,8 +244,6 @@ pub async fn post_login(
         }
     };
-    println!("Authentication: {} credential(s) found for {}", stored.credentials.len(), username);
-
     let (rcr, auth_state) = match state
         .webauthn
         .start_securitykey_authentication(&stored.credentials)
@@ -334,11 +332,19 @@ pub async fn post_register_start(
         return (StatusCode::UNAUTHORIZED, "Invalid credentials").into_response();
     }
-    let user_id = Uuid::new_v4();
+    let stored = load_credentials(&username);
+    let user_id = stored.as_ref().map(|s| s.user_id).unwrap_or_else(Uuid::new_v4);
+
+    let exclude: Option> = stored.as_ref().map(|s| {
+        s.credentials
+            .iter()
+            .map(|c| c.cred_id().clone())
+            .collect()
+    });
     let (ccr, reg_state) = match state
         .webauthn
-        .start_securitykey_registration(user_id, &username, &username, None, None, None)
+        .start_securitykey_registration(user_id, &username, &username, exclude, None, None)
     {
         Ok(r) => r,
         Err(e) => {
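Review bot: Removing `TAPO_USERNAME`/`TAPO_PASSWORD` from the `Environment` list does not revoke them — both values are still present in the repository at this commit's parent, so the password has to be rotated and the history purged (or the repository treated as compromised) regardless of this change. The hunk also leaves nothing supplying those variables, so unless another part of the commit adds an `EnvironmentFile` or `LoadCredential` entry for the unit, the service will start without TAPO credentials. Suggest recording the intended source next to the list, e.g. `# TAPO_* credentials are injected at runtime (EnvironmentFile/LoadCredential), never listed here.`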
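Review bot: `load_credentials(&username)` returning `None` now selects both the `user_id` (`unwrap_or_else(Uuid::new_v4)`) and an empty `exclude` list, but `None` cannot distinguish "no account yet" from "credential file present but unparseable" — the case the branch removed from post_register_finish (the hunk on the following line) explicitly refused, and which there now falls into `unwrap_or(StoredCredentials { .. })` and overwrites the existing file with a single credential. Returning `Result<Option<StoredCredentials>, _>` from `load_credentials`, or keeping the old `path.exists()` check ahead of the load, would let both handlers fail closed instead of minting a fresh identity; that signature lives outside this hunk. The removed code in that same hunk also built the file name as `format!("{}.json", username)`; if `load_credentials` does likewise, `username` should be restricted to a safe character set before it reaches the filesystem, since it is presumably taken from the request. The annotation reads `Option>` here, presumably `Option<Vec<CredentialID>>` with the inner type lost in rendering — worth checking against the file. post_register_start continues on both sides of the hunk.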
@@ -398,27 +404,12 @@ pub async fn post_register_finish(
         }
     };
-    let path = std::path::PathBuf::from(CREDENTIAL_DIR).join(format!("{}.json", username));
-    let mut stored = if path.exists() {
-        match load_credentials(&username) {
-            Some(s) => {
-                println!("Loaded {} existing credential(s) for {}", s.credentials.len(), username);
-                s
-            }
-            None => {
-                println!("ERROR: credential file exists for {} but could not be parsed — refusing to overwrite", username);
-                return (StatusCode::INTERNAL_SERVER_ERROR, "Failed to read existing credentials").into_response();
-            }
-        }
-    } else {
-        StoredCredentials {
-            user_id,
-            credentials: vec![],
-        }
-    };
+    let mut stored = load_credentials(&username).unwrap_or(StoredCredentials {
+        user_id,
+        credentials: vec![],
+    });
     stored.credentials.push(passkey);
-    println!("Saving {} credential(s) for {}", stored.credentials.len(), username);
     if let Err(e) = save_credentials(&username, &stored) {
         println!("Failed to save credentials: {}", e);
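Review bot: The load → `stored.credentials.push(passkey)` → `save_credentials` sequence is a non-atomic read-modify-write of the per-user file, so two registrations finishing concurrently for the same `username` each load the same `stored` and the later save silently drops the earlier passkey (unless `save_credentials` serialises writers, which is not visible here). A per-username lock held across load and save, or a write that fails when the file changed since it was read, would close that window. The fallback `StoredCredentials` is also built eagerly inside `unwrap_or`; `unwrap_or_else(|| StoredCredentials { user_id, credentials: vec![] })` defers it to the miss path. post_register_finish extends beyond the hunk on both sides.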