When a user logs into the application, it will display the password as a string in the log. This is not at all safe. Whoever, have access to see the log can get to know about the personal passwords given by the user when logging into the application. To avoid this, add the line filter_parameter_logging :password in the application controller. After doing this your log won’t display the password as a string, rather it will display as password => [FILTERED] which is much secure.