clerk · dmoerner · Aug 22, 2025 · Aug 21, 2025
diff --git a/.changeset/khaki-ravens-cheer.md b/.changeset/khaki-ravens-cheer.md
@@ -0,0 +1,5 @@
+---
+'@clerk/clerk-js': patch
+---
+
+Update `UserSettings.instanceIsPasswordBased` to return true if password is enabled but not required.
diff --git a/packages/clerk-js/src/core/resources/UserSettings.ts b/packages/clerk-js/src/core/resources/UserSettings.ts
@@ -191,7 +191,7 @@ export class UserSettings extends BaseResource implements UserSettingsResource {
   }
 
   get instanceIsPasswordBased() {
-    return Boolean(this.attributes?.password?.enabled && this.attributes.password?.required);
+    return Boolean(this.attributes?.password?.enabled);
   }
 
   get hasValidAuthFactor() {

diff --git a/packages/clerk-js/src/core/resources/__tests__/UserSettings.spec.ts b/packages/clerk-js/src/core/resources/__tests__/UserSettings.spec.ts
@@ -75,6 +75,18 @@ describe('UserSettings', () => {
         },
       },
     } as any as UserSettingsJSON);
+
+    expect(sut.instanceIsPasswordBased).toEqual(true);
+
+    sut = new UserSettings({
+      attributes: {
+        password: {
+          enabled: false,
+          required: false,
+        },
+      },
+    } as any as UserSettingsJSON);
+
     expect(sut.instanceIsPasswordBased).toEqual(false);
   });
 

diff --git a/packages/clerk-js/src/ui/components/SignIn/__tests__/SignInStart.test.tsx b/packages/clerk-js/src/ui/components/SignIn/__tests__/SignInStart.test.tsx
@@ -437,7 +437,7 @@ describe('SignInStart', () => {
       it(`calls sign in with identifier again with only the email if the api respondes with the error ${code}`, async () => {
         const { wrapper, fixtures } = await createFixtures(f => {
           f.withEmailAddress();
-          f.withPassword({ required: true });
+          f.withPassword();
         });
 
         const errJSON = {

diff --git a/packages/clerk-js/src/ui/components/UserProfile/__tests__/SecurityPage.test.tsx b/packages/clerk-js/src/ui/components/UserProfile/__tests__/SecurityPage.test.tsx
@@ -32,9 +32,7 @@ describe('SecurityPage', () => {
 
   it('renders the Password section if instance is password based', async () => {
     const { wrapper, fixtures } = await createFixtures(f => {
-      f.withPassword({
-        required: true,
-      });
+      f.withPassword();
       f.withUser({ email_addresses: ['[email protected]'] });
     });
     fixtures.clerk.user?.getSessions.mockReturnValue(Promise.resolve([]));