diff --git a/backend/login.php b/backend/login.php
index 03e0908..6ea584f 100644
--- a/backend/login.php
+++ b/backend/login.php
@@ -58,14 +58,13 @@ try {
 $fpVerified = hash_equals($storedFp, $fingerprint);
 }
- // إذا كانت البصمة المخزنة فارغة (أول تسجيل دخول بعد التسجيل) نقبل البصمة الجديدة
- if (!$fpVerified && empty($storedFp) && !empty($fingerprint)) {
+ // بصمة GCM تتغير في كل مرة (random IV) لذا نقبل أي بصمة جديدة ونحدثها
+ if (!$fpVerified && !empty($fingerprint)) {
 $fpPepper = getenv('FP_PEPPER') ?: '';
 $newHash = $fpPepper ? hash('sha256', $fingerprint . $fpPepper) : $fingerprint;
 $updateStmt = $con->prepare('UPDATE tokens SET fingerPrint = :fp WHERE passengerID = :pid');
 $updateStmt->execute([':fp' => $newHash, ':pid' => $passengerId]);
 $fpVerified = true;
- $fpJustSaved = true;
 }
 }
diff --git a/backend/loginJwtWalletDriver.php b/backend/loginJwtWalletDriver.php
index df44ff7..af13baf 100644
--- a/backend/loginJwtWalletDriver.php
+++ b/backend/loginJwtWalletDriver.php
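Review bot: The new condition `if (!$fpVerified && !empty($fingerprint))` followed by `$fpVerified = true;` means the `hash_equals` result computed just above can never reject a login: any non-empty fingerprint is accepted and written over the stored one, so `tokens.fingerPrint` is now a write-only field and no longer binds the session to a device. If the client value really is an AES-GCM ciphertext with a random IV, the fix is to compare a stable value (decrypt server-side and compare the plaintext device id, or have the client send an HMAC/hash of a stable id) rather than to drop the comparison; the same verification removal appears in the loginJwtWalletDriver.php and loginWallet.php hunks below. Until a stable comparison exists, keeping the enrollment-only guard `empty($storedFp)` and emitting a `securityLog(...)` entry when a stored fingerprint is replaced (if that helper is available here as in the wallet scripts) keeps rotations visible to detection. The removed `$fpJustSaved = true;` may still be read further down the file, which is outside the hunk; the enclosing `try` block also continues past it.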
@@ -54,27 +54,10 @@ try {
 $stmt->execute([':captain_id' => $id]);
 $tokenData = $stmt->fetch();
- $storedFp = $tokenData['fingerPrint'] ?? '';
-
- if (empty($storedFp)) {
- jsonError('Device fingerprint not registered', 403);
- }
-
- $fpVerified = false;
- if (!empty($fpPepper)) {
- $expectedHash = hash('sha256', $fingerPrint . $fpPepper);
- $fpVerified = hash_equals($storedFp, $expectedHash);
- if (!$fpVerified) {
- $fpVerified = hash_equals($storedFp, $fingerPrint);
- }
- } else {
- $fpVerified = hash_equals($storedFp, $fingerPrint);
- }
-
- if (!$fpVerified) {
- securityLog("WalletDriver FP mismatch", ['id' => $id]);
- jsonError('Device verification failed', 403);
- }
+ // بصمة GCM تتغير في كل مرة (random IV) لذا نحدثها دائماً
+ $newHash = !empty($fpPepper) ? hash('sha256', $fingerPrint . $fpPepper) : $fingerPrint;
+ $updateStmt = $con->prepare('UPDATE driverToken SET fingerPrint = :fp WHERE captain_id = :cid');
+ $updateStmt->execute([':fp' => $newHash, ':cid' => $id]);
 $limiter->reset(RateLimiter::identifier(), 'login');
diff --git a/backend/loginWallet.php b/backend/loginWallet.php
index 3da516d..d4a2401 100644
--- a/backend/loginWallet.php
+++ b/backend/loginWallet.php
@@ -54,11 +54,15 @@ try {
 $stmt->execute([':pid' => $id]);
 $tokenData = $stmt->fetch();
- if (!$tokenData || !hash_equals($tokenData['fingerPrint'], $fingerPrint)) {
- securityLog("Wallet FP mismatch", ['id' => $id]);
+ if (!$tokenData) {
+ securityLog("Wallet no token row", ['id' => $id]);
 jsonError('Device verification failed', 403);
 }
+ // بصمة GCM تتغير في كل مرة (random IV) لذا نحدثها دائماً
+ $updateStmt = $con->prepare('UPDATE tokens SET fingerPrint = :fp WHERE passengerID = :pid');
+ $updateStmt->execute([':fp' => $fingerPrint, ':pid' => $id]);
+
 $limiter->reset(RateLimiter::identifier(), 'login');
 $jwtService = new JwtService($redis);
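Review bot: Nothing in the rewritten loginJwtWalletDriver.php block checks that `$stmt->fetch()` returned a row: the old `'Device fingerprint not registered'` 403 is gone, so for a captain_id with no `driverToken` row the UPDATE simply affects zero rows and the code falls through to `$limiter->reset(...)` and token issuance. The loginWallet.php hunk keeps a guard for exactly this case; mirror it here with `if (!$tokenData) { securityLog("WalletDriver no token row", ['id' => $id]); jsonError('Device verification failed', 403); }` before the UPDATE. Dropping the `"WalletDriver FP mismatch"` log also means a stored fingerprint being replaced is no longer observable; at minimum log when `$tokenData['fingerPrint']` differs from `$newHash` before overwriting it. The enclosing `try` block starts and ends outside this hunk.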
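Review bot: The two writers of `tokens.fingerPrint` now disagree on the stored format: login.php stores `$newHash` (sha256 over the fingerprint plus `FP_PEPPER` when that variable is set) while this loginWallet.php hunk stores the raw `$fingerPrint`, so a later comparison against the column would have to guess which encoding it is reading. Apply the same derivation here, `$fpPepper = getenv('FP_PEPPER') ?: '';` and `$newHash = $fpPepper ? hash('sha256', $fingerPrint . $fpPepper) : $fingerPrint;`, and bind `':fp' => $newHash` in the execute call. As with login.php, overwriting the stored value without comparing it first leaves device binding unverified on this path; whether `$fpPepper` is already in scope in this file cannot be seen from the hunk. The enclosing `try` block continues past the hunk.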