diff --git a/app/controllers/devise/sessions_controller.rb b/app/controllers/devise/sessions_controller.rb
index 22f00ad2..2a1f6a5a 100644
--- a/app/controllers/devise/sessions_controller.rb
+++ b/app/controllers/devise/sessions_controller.rb
@@ -13,11 +13,11 @@ class Devise::SessionsController < ApplicationController
 # POST /resource/sign_in
 def create
- if resource = authenticate(resource_name)
+ if resource = warden.authenticate(:scope => resource_name)
 set_flash_message :notice, :signed_in
 sign_in_and_redirect(resource_name, resource, true)
 elsif warden.winning_strategy && warden.result != :failure
- authenticate!
+ throw :warden, :scope => resource_name
 else
 set_now_flash_message :alert, (warden.message || :invalid)
 clean_up_passwords(build_resource)
diff --git a/lib/devise/controllers/helpers.rb b/lib/devise/controllers/helpers.rb
index d59f8fba..d918b2e0 100644
--- a/lib/devise/controllers/helpers.rb
+++ b/lib/devise/controllers/helpers.rb
@@ -23,18 +23,6 @@ module Devise
 false
 end
- # Attempts to authenticate the given scope by running authentication hooks,
- # but does not redirect in case of failures.
- def authenticate(scope)
- warden.authenticate(:scope => scope)
- end
-
- # Attempts to authenticate the given scope by running authentication hooks,
- # redirecting in case of failures.
- def authenticate!(scope)
- warden.authenticate!(:scope => scope)
- end
-
 # Check if the given scope is signed in session, without running
 # authentication hooks.
 def signed_in?(scope)
diff --git a/lib/devise/models/database_authenticatable.rb b/lib/devise/models/database_authenticatable.rb
index 1dffb632..3874d979 100644
--- a/lib/devise/models/database_authenticatable.rb
+++ b/lib/devise/models/database_authenticatable.rb
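Review bot: In `create`, the new `throw :warden, :scope => resource_name` is reached through a negative test, `warden.result != :failure`, so every result other than `:failure` is handed to the failure app, not only the custom response the added integration test exercises. For an authentication decision an allow-list reads more safely, e.g. `elsif warden.winning_strategy && [:redirect, :custom].include?(warden.result)`, with a comment such as `# strategy halted with redirect!/custom!; let Warden deliver that response`. Whether a winning strategy can reach this branch with a nil result is not visible here, so confirm that before tightening the condition. The body of `create` continues past the end of the hunk.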
@@ -67,10 +67,11 @@ module Devise
 update_attributes(params)
 else
 self.errors.add(:current_password, current_password.blank? ? :blank : :invalid)
- self.attributes = params.except(:password, :password_confirmation)
+ self.attributes = params
 false
 end
+ clean_up_passwords
 result
 end
diff --git a/test/integration/database_authenticatable_test.rb b/test/integration/database_authenticatable_test.rb
index 8f94b317..370edb23 100644
--- a/test/integration/database_authenticatable_test.rb
+++ b/test/integration/database_authenticatable_test.rb
@@ -265,6 +265,24 @@ class AuthenticationTest < ActionController::IntegrationTest
 assert_contain 'Welcome to "sessions/new" view!'
 end
+ # Custom strategy invoking custom!
+ test 'custom strategy invoking custom on sign up bevahes as expected' do
+ Warden::Strategies.add(:custom) do
+ def authenticate!
+ custom!([401, {"Content-Type" => "text/html"}, ["Custom strategy"]])
+ end
+ end
+
+ begin
+ Devise.warden_config.default_strategies(:scope => :user).unshift(:custom)
+ sign_in_as_user
+ assert_equal 401, status
+ assert_contain 'Custom strategy'
+ ensure
+ Devise.warden_config.default_strategies(:scope => :user).shift
+ end
+ end
+
 # Access
 test 'render 404 on roles without permission' do
 get '/admin_area/password/new', {}, "action_dispatch.show_exceptions" => true
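Review bot: On the wrong-current-password path, `self.attributes = params` now assigns `:password` and `:password_confirmation` to the record before the current password has been proven, and relies on the later `clean_up_passwords` to undo it. If the password writer derives other state (a digest or salt, for instance, which this hunk does not show), blanking the plain attributes may not restore it, and a later `save` by a caller could persist a password the user was not authorised to set. I would add a comment above the assignment, `# assigned only so validations can report on the new password; must not be persisted on this path`, and a test that a failed call leaves the stored credential unchanged after a reload and after an explicit save. The enclosing method starts above the hunk.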
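Review bot: The `ensure` block restores the strategy list with `.shift`, which removes whatever is first at that moment rather than the `:custom` entry the test inserted; `Devise.warden_config.default_strategies(:scope => :user).delete(:custom)` would undo exactly what was added. `Warden::Strategies.add(:custom)` is also never reversed in this hunk, so the strategy presumably stays registered for later tests in the same process. The test name has a typo (`bevahes`) and says "sign up" while the body calls `sign_in_as_user`.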