Before I begin, I am using Ruby on Rails and the Devise gem for user authentication.

Hi, I was doing some research about account security and I found a blog post about the topic awhile ago but I can no longer find it again. I read something about when making a login system you should have 1 model for User, this contains a user's username, encrypted password, and email. You should also have a model for a user's Account. This contains everything else. A User has an Account.

I don't know if I'm explaining this correctly since I haven't seen the blog post for several months and I lost my bookmark.

Could someone explain how and why I should or shouldn't do this. My application deals with money so I need to cover my bases with security.

Thanks.