Almost always you need to protect user passwords. Using MD5 or SHA1 is so old school; try something new: bcrypt.
Uncomment the following line in your Gemfile:
gem 'bcrypt-ruby', '~> 3.0.0'
Create a new model with a password_digest field. Then add this line to the model:
And that's it: you now have safe password storage. To authenticate a password, try this:
User.find_by_username('Tom').try(:authenticate, 'cool') # => the User record if the password matches, false if it does not, nil if no such user exists
Thanks for reading!