I've never generated an API key, and Linode showed it as blank. I generated a new one anyway, but I can't imagine how they'd have a default key and somehow not show it in the UI.
I know. I've asked for further clarification, especially since their email on Friday said API keys should be reset "if applicable."
Edit: Groan, here's their clarification. It's starting to look like they don't know what the heck they're talking about:
"Thanks for getting back to us. To be extra cautious it would not hurt to regenerate your Linode API key. You can do that in your user profile. Please let us know if you have any other concerns we can address."
After seeing your original post here, I also asked for clarification, and received a similar reply from support:
The Lish password is set to a random string by default, however we would still recommend resetting this password even if you had not set one manually previously.
I had expected that if the password was not set, then password auth was disabled. I've told them that's what I want and have asked when it will be implemented.
I'm kind of upset they didn't clarify this in the initial email/blog entry. The way it was worded ("if applicable") implies that resetting the API might not be necessary in some cases. I think it is reasonable to assume that those who never generated an API key in the first place would've fallen under such a bucket.
Now it sounds like basically everyone should have reset their API key. Bleh.
