Instead of if the user does not have a password hash. This allows a SSO user to add a password to their account, but only if the local password database is configured.
