Devise is actually really complex and heavy, and I don’t particularly recommend it for complete beginners. In fact, for a trivial project, even the the Devise github page recommends users first learn how to implement their own authentication systems.
Devise is a beast in its own regards, and for anything beyond the default settings can quickly become a pain. That said, it really is a great tool, and I do use it quite a bit.
That said – if you’re building a production app, use devise (even if you don’t really know what you’re doing).
Building your own authentication system is rife with pitfalls and traps, it’s only appropriate for apps that ultimately won’t cost your company/customers money and you your job, IMO.
Devise is complicated, but a lot of that complexity is a necessary evil of doing authentication generically and appropriately.
There’s also the built in has_secure_password.