Perhaps this has changed between how the question was asked (2011), and now, but at the beginning I faced the same problem - I added all the tests for the password, etc., and the user initialization itself was otherwise using " unknown attribute: password. "
At first glance, GrahamJRoy's answer (and, more importantly, the subsequent development comment) fully satisfied my confusion.
However, I continued to read the next section of the tutorial and found out that the next line in the User model implies the same thing:
has_secure_password
Once I added this, I no longer need an explicit attr_accessor declaration:
attr_accessor :password, :password_confirmation
My only complaint in this tutorial is that Michael does not warn you that ALL of your user links will fail if you add the password: and password_confirmation in User.new () when you are in the tutorial see the updated constructor. I expected that only new tests would fail, thought that I was disconnected, and therefore looked in another place (for example, here) for a solution before continuing the tutorial.