Allowing multiple user identifiers is discussed on the Devise wiki which I have linked here.

Update: However, as I now understand, you want two separate sets of credentials (userid/pw1, and email/pw2) for some reason.

I think the answer to your question is that “while it’s possible to accomplish with Devise, it’s far more effort to change Devise than it is to write yourself”. If you look at the link, there’s actually a fair amount of work needed to make the simpler change of accepting either userid or email for the same password. It gets even more complicated when implementing your requirements.

Unless you really create your own system from scratch, either Devise or Rails’ built-in has_secure_password both make several assumptions about the name of the attribute holding the password (i.e. that it’s called password). And while there’s an assumption that there’s a (single) model containing the authentication information and this attribute, I see no reason why you couldn’t have two models, perhaps both belonging to a User model, each of which provide the basic functionality of encrypting, storing, and validating the attributes for the method the user has used, but for which all of the other functionality is provided by the parent User record, and its controllers and views. Some simple logic in the User model determines which method is being used and farms off that functionality to the appropriate sub-model.

So yeah, it can be done, and I would suggest has_secure_password will be simpler in your unusual case.

But perhaps it’s worth asking: if I am the first person to encounter this situation, perhaps there’s an alternative that could meet my requirements that follows some existing convention or approach. For example, is this a “single sign-on” interface that provides authentication for several unrelated services? If so, that might be the thing to search for.