It is often useful to disable the password of a system account such that the account cannot login using password.

For example, this is relevant for accounts that only login via SSH (using keys) or for batch or service accounts that never login interactively but are instead used to run a particular service, etc.

One way to disable the account’s password is to use passwd like this:

passwd -d username

from man passwd:

-d, –delete Delete a user’s password (make it empty). This is a quick way to disable a password for an account. It will set the named account passwordless.

If you are programmatically manipulating /etc/shadow directly, you can put in a * or a ! in the password field.

from: man 5 shadow

If the password field contains some string that is not a valid result of crypt(3), for instance ! or *, the user will not be able to use a unix password to log in (but the user may log in the system by other means).”