Yeah, the official AWS AMIs have had password auth disabled for a very long time but I’m pretty sure I remember some third parties learning the hard way that setting a default password and telling people to change it isn’t good enough.