diff --git a/rhodecode/model/db.py b/rhodecode/model/db.py
--- a/rhodecode/model/db.py
+++ b/rhodecode/model/db.py
@@ -828,12 +828,10 @@ class User(Base, BaseModel):
         Session().add(usr)
         log.debug('updated user %s lastactivity', usr.username)
 
-    def update_password(self, new_password, change_api_key=False):
-        from rhodecode.lib.auth import get_crypt_password,generate_auth_token
+    def update_password(self, new_password):
+        from rhodecode.lib.auth import get_crypt_password
 
         self.password = get_crypt_password(new_password)
-        if change_api_key:
-            self.api_key = generate_auth_token(self.username)
         Session().add(self)
 
     @classmethod
diff --git a/rhodecode/model/user.py b/rhodecode/model/user.py
--- a/rhodecode/model/user.py
+++ b/rhodecode/model/user.py
@@ -308,9 +308,6 @@ class UserModel(BaseModel):
             new_user.name = firstname
             new_user.lastname = lastname
 
-            if not edit:
-                new_user.api_key = generate_auth_token(username)
-
             # set password only if creating an user or password is changed
             if not edit or _password_change(new_user, password):
                 reason = 'new password' if edit else 'new user'