I'm not sure of any reason to not give the user account a password (on this platform). ... I also recommend assigning a strong root password, to help insulate against generic userland exploits.
If the passwordless method described is chosen, the user MUST disable password authentication in /etc/ssh/sshd_config (or anyone connecting will be granted shell access (and presumably, soon thereafter, root)).
Amen to the strong root password! However, the method described does not allow passwordless logins, on the contrary, since "NP" is not the hash of any password, login with password is now impossible both locally (as before) and via ssh. (I just verified that by changing my sshd_config and trying.)
My reasoning for not assigning 'user' a password is to avoid any conflicts with other changes during system updates. (Extra file instead of changed file, I still have a root password hash in /etc/passwd though...)
It does not really make a big difference probably, it is, however, actually more secure than assigning a password!
