AWS is allowing to create a user without any permissions as opposed what is mentioned in the course. Is this due to an update to AWS?

The course mentioned that you can create a user without permissions; however, the user that you create will have no permissions whatsoever

All users start with no permissions in AWS.  Permissions must be granted for access.  For a good overview, see: https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_evaluation-logic.html

It looks like creating a user without specifying any permissions now implicitly includes the ‘IAMUserChangePassword’ managed policy. This will allow the user to change their password upon initial login, but will not grant access to any AWS resources.