TLDR (not currently available in Rails 7.x) the secure password module in Rails has a method called authenticate_by which allows you to pass in any identifers and password like arguments to perform authentications.
It also reduces the risks of timing attacks.