Ok, firstly have you checked out the restful_authentication plugin? If
not, you can make your life a lot easier by using it, and, if you
can't use it, it will definitely help you to make your own login
system work better.
In my login system based on restful_authentication i've got password
and password_confirmation as attr_accessors. You should be able to
send the #new or update_attribtes method the :password
and :password_confirmation keys and it will update them in the model
It sounds like you haven't got any point where your model assigns your
password to a column in the db (where it can be saved)
I've got a before_save hook which calls 'encrypt_password' method.
This generates a hashed password and salt and assigns these to the
database columns for storing my password (in my case hashed_password)
You can see all this in action by starting a new rails project, adding
restful_authentication plugin and generating the models
Hope that helps a bit, though it doesn't answer directly why you can't
update using update_attribute (seems a bit overcomplex) .BTW if you
need to bypass parts of the validation code when you're just updating
models, you can add :if => :method_name to the end of your validation
commands which will check the output of a method for boolean result so
you can selectively disable validation where necessary in certain
parts of your app.