The mongodb blog has an excellent post detailing how to implement user authentication. http://blog.mongodb.org/post/32866457221/password-authentication-with-mongoose-part-1 The following is copied directly from the link above: User Model var mongoose = require('mongoose'), Schema = mongoose.Schema, bcrypt = require('bcrypt'), SALT_WORK_FACTOR = 10; var UserSchema = new Schema({ username: { type: S