Devise is definitely my rails authentication of choice, really simple to implement. sample user model below:
class User < ActiveRecord::Base # Include default devise modules. Others available are: # :token_authenticatable, :lockable, :timeoutable and :activatable # :confirmable devise :database_authenticatable, :registerable, :recoverable, :rememberable, :trackable, :validatable # Setup accessible (or protected) attributes for your model attr_accessible :email, :password, :password_confirmation end
little tip, to disable signup just comment out :registerable that will remove all routes relating to signup and effectively cut out access to that area.