diff --git a/lib/util/http/auth.ts b/lib/util/http/auth.ts
index e6ac53f26c21b1fbd06cadb54ba68bad1705dace..6e98d5f582bdb31536aa5275a9de379789928cfc 100644
--- a/lib/util/http/auth.ts
+++ b/lib/util/http/auth.ts
@@ -39,7 +39,7 @@ export function applyAuthorization(inOptions: GotOptions): GotOptions {
       options.headers.authorization = `Bearer ${options.token}`;
     }
     delete options.token;
-  } else if (options.password) {
+  } else if (options.password !== undefined) {
     // Otherwise got will add username and password to url and header
     const auth = Buffer.from(
       `${options.username || ''}:${options.password}`
diff --git a/lib/util/http/host-rules.ts b/lib/util/http/host-rules.ts
index b6690fedbe0da37687b9c02207fc6db60a63cec1..f83f599b1c786cc5649b95cfa7ed983c12324b45 100644
--- a/lib/util/http/host-rules.ts
+++ b/lib/util/http/host-rules.ts
@@ -15,7 +15,7 @@ export function applyHostRules(url: string, inOptions: GotOptions): GotOptions {
   const { username, password, token, enabled } = foundRules;
   if (options.headers?.authorization || options.password || options.token) {
     logger.trace({ url }, `Authorization already set`);
-  } else if (password) {
+  } else if (password !== undefined) {
     logger.trace({ url }, `Applying Basic authentication`);
     options.username = username;
     options.password = password;