User validation of password

I have a User model that validates password presence:
validates :password, :presence => true,
                      :confirmation => true,
                      :length => { :within => 6..40 },

Password is never stored in the db. Now the problem is that the user
has a:
  belongs_to :owner, :polymorphic => :true

This means it contains a key to the owner. When setting the owner, the will be called and the password validation will fail as
password is not present at that time. I also have several other data
like user.personal_message that I was updating through save, :validate
=> false.

How can I still keep my password validations and be able to internally
call save and run all but those validations(I.E I only want the
password validations to run when user edits the user or creates a new
user). Its really important to validate when editing( on update)

Only validate :password :on => :create. If they are editing their user account and change only their name for example, you don't want or need to validate their password as they aren't changing it.

Also, only validate it's confirmation/length if it or it's confirmation exists.