Using an Oauth Provider for Signup and Login makes most of these techniques moot. For the service Im working on, im using a wonderful OmniAuth gem that together with Devise allows for easy support of popular OAUTH providers such as Facebook, Twitter, Linked In, Google, you name it.
After dealing with forcing users to come up with yet another password to sign up for the service, I prefer that somebody else deals with that and I just store OAUTH tokens