    Mostly this looks like another way to exploit security questions, which we’ve known to be bad for a while now.

    A possible solution for users is to use their password manager to store randomised answers per-site. A possible solution for sites is to use out-of-band (i.e., not in the browser) verification, such as email or alerts to registered phones.