I''ve implemented password reset using Authlogic basically following this tutorial http://www.binarylogic.com/2008/11/16/tutorial-reset-passwords-with-authlogic/ Everything works fine except if the user leaves both the password and password_confirmation as blank no errors are generated. I read the docs and I understand that this is how it''s suppose to work by default authlogic ignores blank password. For example when a user is editing his profile they might leave the password blank which means no change to the password. For password reset the password needs to validated. Is there a way to configure authlogic to validate password only during password reset.