Create custom validataion:
validate :check_email_and_password
def check_email_and_password
errors.add(:password, "can't be the same as email") if email == password
end
But keep in mind that storing password as a plain text is bad idea. You should store it hashed. Try some authentication plugin like authlogic or Restful authentication.