This is the first question that came to my mind too. And it feels like a more accurate model of reality, since an anonymous user is a user, just without a username/password.

You could model this in other ways on the User model too, like having a registered_at column, which, when blank, means an unregistered user. (In case, for example, you wanted to autogenerate a username for anonymous users, for display purposes.)

That's a good point, I just thought the model of having the identity be separate from the login credentials made more sense. It has some nice benefits to separate them mentioned by ch below.

Yup. That's what we do.

I like the original approach and the way an admin can impersonate a user is a nice win.