As we allow users to connect without a password (e.g. via CertFP as in #77, or via a token), we should prevent users from performing security-sensitive actions without the password (for instance, changing the password or deleting the account).
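One way to express this check, as an added sketch rather than the project's own code: each session records how it authenticated, and the sensitive actions are refused unless the session was opened with the password or the request carries the current password. The action names, the `Session`/`Account` types, the PBKDF2 parameters and the rule that a password login already counts as proof are all assumptions made for illustration.

```python
import hashlib
import hmac
import os
from dataclasses import dataclass
from typing import Optional

# Hypothetical action names for the two operations the issue mentions.
SENSITIVE_ACTIONS = {"change_password", "delete_account"}
PBKDF2_ROUNDS = 600_000  # assumed work factor, not taken from the project


class PasswordRequired(Exception):
    """Raised when a sensitive action lacks proof of the account password."""


def hash_password(password: str, salt: bytes) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ROUNDS)


@dataclass
class Account:
    name: str
    salt: bytes
    pw_hash: bytes

    def check_password(self, candidate: str) -> bool:
        # Constant-time comparison avoids leaking how many bytes matched.
        return hmac.compare_digest(hash_password(candidate, self.salt), self.pw_hash)


@dataclass
class Session:
    account: Account
    auth_method: str  # "password", "certfp" or "token"


def new_account(name: str, password: str) -> Account:
    salt = os.urandom(16)
    return Account(name, salt, hash_password(password, salt))


def authorize(session: Session, action: str, current_password: Optional[str] = None) -> bool:
    """Allow ordinary actions; gate sensitive ones on knowledge of the password."""
    if action not in SENSITIVE_ACTIONS:
        return True
    # Assumption: a session opened with the password has already proven it.
    if session.auth_method == "password":
        return True
    if current_password is not None and session.account.check_password(current_password):
        return True
    raise PasswordRequired(f"{action} requires the account password")
```

A stricter variant drops the `auth_method == "password"` shortcut and asks for the current password on every sensitive request, which also covers a session left open on an unattended client.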