[proverbialbunny]

I think there is a better solution: On a new install on first login, over ssh or on the gui, a user/password must be created.

This way the initial login only works once. Both gui user/pass and ssh user/pass are tied by default.

[foxrider]

This is how it works in ARMbian. It forces a password change on first login. It can be annoying if you intend on deleting the alarm user right after that, but I can easily see why. "Default" passwords are always suboptimal.