So, while my.audi.com is certainly nice and useful, Im shocked at the obvious security loophole presented by the password reset feature. Basically, to take control of someone's myAudi account, you need the following information: email account associated with the user the answer to the secret question, which the user picked from a list upon registration When the secret question is along the lines of "Your father's first name" and "Which city where you born", its obvious that it does take much research to take control over an account. I notified my local dealer about this and they forwarded my concern to Audi (somehow), but that was months ago and nothing has changed. So what can you do with access to a my audi account? Well, first of all you can get a hold of information such as the VIN number, destination addresses, your Audi Link code, etc. Is there a better way to bring up the issue? I just feel it would be so simple to adjust the system to at least send you an email with a confirmation link before you can set a new password.