Thread: AAMC account security is laughable. Today I had to log in to submit an LOR for a med student applying to residency, and of course I had no idea what account name or password I used 10 years ago, so I started by clicking 'forgot username'. (1/5)

So the AAMC emailed my username to the hotmail account I used 10 years ago. Then I failed to guess my old AAMC password x 3, so I clicked 'forgot password'. That brought me to a page where I had to answer 2 security questions, including "What hospital were you born in?" (2/5)

I failed both security questions spectacularly (?? what hospital WAS I born in? Did I choose that as a question? I can't imagine I did) and resigned myself to having to call some godawful help line to prove my identity, but that's not what happened. (3/5)

Instead, the webpage refreshed with a notice that since I had failed my security questions, they would be mailing a password reset link to my email account. The same one I used to retrieve my username. Why even *have* security questions, then? (4/5)

The moral of the story is, if any med student wants to write their own amazing LOR from any attending in the world, all they need to do is get the password to the email account the attending used when applying to med school. (end thread)