Keep Hesperos user in my database and on the device. Read about hashing (hashing), salt (key salt), KDF
Keep the username and password of the user on the device is not secure - anyone who has received access to the device, if desired, will be able to get them out and to access user data in your service.
UPDATE: actually you need to store a hash of the user password hash