Difference between ! vs !! vs * in /etc/shadow

Both "!" and "!!" being present in the password field mean an account is locked.

As it can be read in the following document, "!!" in an account entry in shadow means the account of an user has been created, but not yet given a password. Until being given an initial password by a sysadmin, it is locked by default.

https://access.redhat.com/documentation/en-US/Red_Hat_Enterprise_Linux/4/html/System_Administration_Guide/s2-redhat-config-users-process.html

It may also be worth noting <account>::..... meaning that there is no password required (empty password).

If you are creating an ssh key-only user you could use <account>::0:0:99999:7::: to require that the user set their password (i.e. that they use for sudo) on their first login.

Note: key-only authentication means that a password is NOT an authentication factor.