Up until now I have always used restful_authentication, with a few tweaks it's always been fine so far, but I do really need to have a play with Authlogic.
As far as the others' answers go I can see their points of view, simplicity is often very beneficial, but I disagree that the out and out right answer is to put all that information in your user model. I would consider your application in general, how many models are you likely to have in total, how many of those will need addresses for example? Straight away I would be very tempted to move the address at least into a separate model.
Personally I believe its better to start with normalized tables then maybe evaluate de-normalizing if you can justify the performance gains. Remember you are probably going to be loading the user object frequently, if you do achieve a high login rate that bloated model could become a source for improvement, which later down the line could be harder to do than now.
As with most things it's a trade off that needs to be answered in each set of circumstances. I hope a different insight is of some use, I just think you should consider the other side of the coin too, hope that helps.