You can create devices (clientId+Username) without a password and it will work, even
when you edit that device afterwards as long as you leave empty password field to ensure
it remains untouched (be it empty or not).
However this have two problems:
a) You cannot set an empty password for a device that did have one on creation as the
edition form has no way to distinguish between “leaving the password as it is” and “do set an empty password…”
b) Plus the fact that creating devices without password is not recommended as it makes you depend on how client device undestanding sending no password, which makes some MQTT client to work while others don’t, creating confusing situations.
Our recommendation: always adjust a password, and in the case you want to configure empty password, make it have an only known by you token (the larger the better).
About your question: yes, it should work without password but we can’t know if it wasn’t working because it didn’t have a password and there was a client side problem or it did have a password in the beginning and you were expecting to connect without it (obviously it won’t work).
About the implicit question of showing passwords: just confirm all passwords are hashed so it is not possible to get access them to be shown. That’s why password field is always blank.
We will pass a note to programming to make that field show a note to change
Device password by
Leave it blank to keep current password, provide one to change it