diff --git a/app/controllers/profiles_controller.rb b/app/controllers/profiles_controller.rb
index 916c76a48..7f3883c7b 100644
--- a/app/controllers/profiles_controller.rb
+++ b/app/controllers/profiles_controller.rb
@@ -14,9 +14,9 @@ def update
     if current_user.update(user_params)
 
       if current_user.unconfirmed_email.present?
-        flash[:danger] = I18n.t("devise.registrations.update_needs_confirmation")
+        flash[:danger] = 'Your account has been updated, but we need to verify your new email address. Please check your email and follow the confirmation link.'
       else
-        flash[:info] = I18n.t("devise.registrations.updated")
+        flash[:info] = 'Your account has been updated successfully.'
       end
 
       redirect_to (session.delete(:target) || root_url)
diff --git a/app/controllers/users/omniauth_callbacks_controller.rb b/app/controllers/users/omniauth_callbacks_controller.rb
index 638c69d74..f61ec8d4d 100644
--- a/app/controllers/users/omniauth_callbacks_controller.rb
+++ b/app/controllers/users/omniauth_callbacks_controller.rb
@@ -62,7 +62,7 @@ def authenticate_with_hash(user = nil)
       flash.now[:info] = "You have signed in with #{auth_hash.provider_name}."
       logger.info "Signing in user #{@user.inspect}"
 
-      @user.skip_confirmation!
+      @user.confirmed_at = Time.current
       sign_in @user
 
       redirect_to after_sign_in_path_for(@user)
diff --git a/app/models/speaker.rb b/app/models/speaker.rb
index ad05112f6..8f8e0532d 100644
--- a/app/models/speaker.rb
+++ b/app/models/speaker.rb
@@ -40,7 +40,7 @@ class Speaker < ApplicationRecord
   validates :event, presence: true
   validates :bio, length: {maximum: 500}
   validates :name, :email, presence: true, unless: :skip_name_email_validation
-  validates_format_of :email, with: Devise.email_regexp
+  validates_format_of :email, with: /\A[^@\s]+@[^@\s]+\z/  # equivalent to Devise.email_regexp
 
   attr_accessor :skip_name_email_validation
 
diff --git a/app/models/user.rb b/app/models/user.rb
index ab570b158..0dcf11d39 100644
--- a/app/models/user.rb
+++ b/app/models/user.rb
@@ -22,12 +22,12 @@ class User < ApplicationRecord
   validates :bio, length: { maximum: 500 }
   validates :name, presence: true, allow_nil: true
   validates_uniqueness_of :email, allow_blank: true
-  validates_format_of :email, with: Devise.email_regexp, allow_blank: true, if: :email_changed?
+  validates_format_of :email, with: /\A[^@\s]+@[^@\s]+\z/, allow_blank: true, if: :email_changed?  # equivalent to Devise.email_regexp
   validates_presence_of :email, on: :create, if: -> { provider.blank? && identities.blank? }
   validates_presence_of :email, on: :update, if: -> { provider.blank? || unconfirmed_email.blank? }
   validates_presence_of :password, on: :create
   validates_confirmation_of :password, on: :create
-  validates_length_of :password, within: Devise.password_length, allow_blank: true
+  validates_length_of :password, within: 6..128, allow_blank: true
 
   before_create :check_pending_invite_email
 
@@ -58,13 +58,13 @@ def self.create_from_omniauth!(auth, invitation_email = nil)
     user = new(
       name: auth['info']['name'],
       email: invitation_email || auth['info']['email'] || '',
-      password: (password = Devise.friendly_token[0, 20]),
+      password: (password = SecureRandom.hex(10)),
       password_confirmation: password
     )
     user.identities.build(provider: auth.provider, uid: auth.uid, account_name: auth.account_name)
 
     if invitation_email.present? && (user.email == invitation_email)
-      user.skip_confirmation!
+      user.confirmed_at = Time.current
     end
 
     user.tap(&:save!)
@@ -72,7 +72,7 @@ def self.create_from_omniauth!(auth, invitation_email = nil)
 
   def check_pending_invite_email
     if pending_invite_email.present? && pending_invite_email == email
-      skip_confirmation!
+      self.confirmed_at = Time.current
     end
   end