1. Signup

Your browser transfers an encrypted verifier based on your password. But it does not send the password itself.

2. Login

You enter your password - your browser exchanges encrypted data with the site to check if it was the right one.

3. Verify

You can see from the logs that your password was not sent. The login process is different each time so it can't be replayed.

<% if @user %>

You are signed up as <%= @user.login %>.

<% end %>
<% if @user && @user.active %>

You are logged in.

<% end %>
<%= button_link(:signup, :primary => !@user) %>
<%= button_link(:login, :primary => @user && !@user.active) %>
<%= button_link(:verify, :primary => @user && @user.active) %>