This is an entertaining talk given at Rocky Mountain Ruby Conference in Boulder, CO this year. Presenter T.J. Schuck, a developer at Harvest, goes over some poor choices/hopefully not-so-common mistakes developers make when handling authentication / passwords in general. Spoiler alert: The long and short takeaway is use bcrypt. I love this quote by Schuck:
By virtue of the fact that I have users, I have to be [a security] expert. Ignorance is not an excuse.
The presentation explains how authentication used to be handled (Plain text, hashed, hashed + salted, and finally bcrypt), and why bcrypt is a great choice for long-term maintained password protection.
I haven’t watched the rest of the videos from Rocky Mountain Ruby Conf, but I’d suggest going through the library and picking out some other topics that interest you.