Originally Posted by mikhmv
user is disabled for ssh until it will have password.
No, the user account is just locked by default on all tablets (770-N900) and the latest OpenSSH available for the N900 now doesn't allow login to locked accounts (a security change from previous versions of OpenSSH on Maemo1-4).

The "user" account doesn't need to be given a password (in fact doing so would increase the attack surface and could be considered a bad idea) - just unlock the account, and since it will have no password nobody can brute force a login (a good thing).

To unlock the user account use "passwd -u user" (as root) and then follow the N8x0/PuTTY guide here, which explains how to log in to the "user" account using only public/private keys. Consider using PuTTY Agent (x86) to store your private key (no need for "Connection -> SSH -> Auth" in step 5 of the guide), as this makes key management easier and also allows you to use FileZilla for scp access to your device using the same key.

Also, set a ridiculously strong password on the root account (passwd root) as you won't need to log in as root very often assuming you use public keys to log in as user, and sudo gainroot when root privileges are required. Locking the root account (passwd -l root) is a potentially better/more secure option as this would mean the root account can't be brute forced (you can still become root from user via sudo gainroot either on the device or over ssh) but could be a problem if you lost access to the GUI on the device.

Last edited by Milhouse; 2009-12-31 at 07:57.
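
The account states discussed in the post above, as an added example that is not part of the original post: a shell audit that reads shadow(5)-format data and reports whether each account is locked, has no usable password, or carries a guessable hash. The function names and the sample data are constructed here, and the rule that only a locked account blocks key login is taken from the post's description of this OpenSSH build.

```shell
#!/bin/sh
# Added example (not from the post): report lock state from shadow(5)-format data.

# Constructed sample; the hash is a placeholder, not a real crypt(3) value.
write_sample() {
cat > "$1" <<'EOF'
root:$1$constructed$PLACEHOLDERHASH:14609:0:99999:7:::
user:!:14609:0:99999:7:::
daemon:*:14609:0:99999:7:::
EOF
}

# classify_field FIELD: state of a shadow password field.
classify_field() {
    case "$1" in
        '')   echo empty ;;        # no hash at all
        '!'*) echo locked ;;       # "passwd -l" prefixes '!'; "passwd -u" removes it
        '*'*) echo no-password ;;  # not a valid hash, so no password can match
        *)    echo password ;;     # a hash is set, so password guessing is possible
    esac
}

# account_state FILE NAME: print the state for NAME, or "missing" (status 1).
account_state() {
    field=$(awk -F: -v n="$2" '$1 == n { print $2; f = 1; exit }
                               END { exit !f }' "$1") || { echo missing; return 1; }
    classify_field "$field"
}

# audit_account FILE NAME: one summary line per account.
# Assumption from the post: sshd refuses logins only for the "locked" state.
audit_account() {
    state=$(account_state "$1" "$2") || { echo "$2 missing"; return 1; }
    key_login=yes
    guessable=no
    if [ "$state" = locked ]; then key_login=no; fi
    if [ "$state" = password ]; then guessable=yes; fi
    echo "$2 state=$state key_login=$key_login guessable=$guessable"
}

# Demo on the constructed sample; on a device, pass /etc/shadow as root instead.
sample=$(mktemp) && write_sample "$sample"
for acct in root user daemon; do audit_account "$sample" "$acct"; done
rm -f "$sample"
```

An `empty` result means the field holds no hash at all; whether sshd then accepts an empty password is controlled by `PermitEmptyPasswords` in sshd_config.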