Should I have a null: false constraint on my user model's password_digest column?

I would say yes, as it doesn’t make sense (in my app) for a user not to have any password at all. But I noticed it isn’t the default, and experience has taught me that Rails usually knows best.

What do you think?