Allow a user to pass in empty password if their password is actually an empty string

[yondonfu]

Right now empty strings are rejected as passwords. For testing purposes, we might want to allow empty passwords