Authentication is likely the first feature you would build if you would be starting from scratch. But you don't need to anymore since Business Class implements a well-tested email and password authentication with an option to protect user accounts with two-factor OTP flow.
Email and password authentication is the most common, easily understood protection of an user account. Business Class implements it using Devise, the most used authentication option for Rails applications big and small.
Start your new applications with password resets, account locking or email change reconfirmations on day 1.
Passwords are good but often not enough. Your most important corporate customers might have internal policies on additional protections of their accounts. Similarly you might probably protect your administrator accounts a bit more.
For these reasons, users can enable two-factor authentication with OTP. This OTP flows blends nicely with the rest by relying on the devise-otp gem.
All authentication flows, including invitations and two-factor OTP confirmations, are well tested using the Rails system tests. This will forever ensure your most important flows are never broken in production.