Hacker News new | comments | show | ask | jobs | submit login

If you're not already, use Devise.


It's ballin'. Bcrypt by default, too.

Devise has too many features that I don't really need. I followed Ryan Bates's advice - use nifty:authentication generator.

You can choose which features you use. For instance, I've never used the single sign on/access token functionality. The reset password, account lockouts, etc. are awesome.

Guidelines | FAQ | Support | API | Security | Lists | Bookmarklet | Legal | Apply to YC | Contact