I love the ThoughtBot Clearance gem (https://github.com/thoughtbot/clearance) for Rails authentication. But I'd like to expand my knowledge base in what/how I can make it more-better :)
I've used Devise (https://github.com/heartcombo/devise) in past projects, there's a great extension called "Devise Security Extension" written by Phatworx (https://github.com/phatworx/devise_security_extension) to add some additional features to Devise.
From Devise Security Extension
It is composed of 7 additional Devise modules:
:password_expirable - passwords will expire after a configured time (and will need an update). You will most likely want to use :password_expirable together with the :password_archivable module to prevent the current expired password being reused immediately as the new password.
:secure_validatable - better way to validate a model (email, stronger password validation). Don't use with Devise :validatable module!
:password_archivable - save used passwords in an old_passwords table for history checks (don't be able to use a formerly used password)
:session_limitable - ensures, that there is only one session usable per account at once
:expirable - expires a user account after x days of inactivity (default 90 days)
:security_questionable - as accessible substitution for captchas (security question with captcha fallback)
:paranoid_verification - admin can generate verification code that user needs to fill in otherwise he wont be able to use the application.
I've done a quick search for this but Google didn't seem to come up with anything promising right off the bat. I'll keep digging but if I don't find anything I'll need to consider that I'd have to write something from scratch to extend some of the features like password rotation.
Does anyone know of any good extensions for clearance that have some similar features?