If you already have the user name in the hash (i.e as key) then you can check whether it actually holds any value in it by:

 if ($hash{"user_name} =~ /^\s*$/) {
       # Logic goes here to insert a password
       $hash{"user_name} = $password;
}
[download]

Note that the above logic is written based on the assumption that the password cannot be just space characters and also no need to insert a password to an user who already has a password.