In Unix and Linux based system you usually run services in context of service accounts that have no password set and cannot be logged on. As far as I have understood, the processes are spawned from a higher privileged process and switched to the service account using setuid.
Is the same possible on Windows based systems, or do you always have to set a password for service accounts?
If you do not want your service to run in an account with a password, you can configure it to run as local system, or as one of the built-in service accounts, NETWORK SERVICE or LOCAL SERVICE. Or, if you want finer-grained security, you can use a virtual account.
See the section "Using virtual accounts" in the Service Accounts Step-by-Step Guide for more information on virtual accounts. The Guide also describes managed accounts, which are domain accounts whose passwords are automatically managed by Windows.
Typically, you would just use NETWORK SERVICE or LOCAL SERVICE unless you need to give the service access to sensitive files or folders, or other securable objects such as registry keys.
Managed accounts are more complex than virtual accounts, but in an Active Directory environment you might want to use them if you need to give the service access to sensitive content on the network, such as a remote share or an SQL Server using integrated authentication.