If you’re setting up an automated Debian install, your users and passwords will be set up something like
passwd passwd/root-login boolean false passwd passwd/make-user boolean true passwd passwd/user-fullname string Adam Baxter passwd passwd/username string voltagex passwd passwd/user-password string changeme passwd passwd/user-password-again string changeme #you can also use user-password-crypted and supply a hash of the password, #see this StackExchange question for details
in your preseed.cfg. This example would set up a user with a username of voltagex and a not-very-secure password of changeme, as well as sudo permission.
The trick with this is you can actually enforce password policies at the same time with a late-command that runs just before the system reboots:
preseed preseed/late_command string in-target passwd --expire voltagex
This will set the password to “expired” and result in the following when the user first logs in: