The has_secure_password module automatically adds this validation: validates_presence_of :password_digest. And, there is no way to bypass this validation.
One solution that I can think of is to fallback to the secured password theory explained in the previous version of rails tutorial (http://ruby.railstutorial.org/chapters/modeling-and-viewing-users-two?version=3.0#sec:secure_passwords) and roll your authentication mechanism instead of using has_secure_password.