Windows 10 security question: How do miscreants use these for post-hack persistence? Infosec duo worked out how to remotely set their own answers December 6, 2018 https://www.theregister.co.uk/2018/12/06/windows_10_security_questions_remotely_defined_answers/ "When everyone's dog is named Fluffy - Abusing the brand-new security questions in Windows 10 to gain domain-wide persistence" (PDF): https://i.blackhat.com/eu-18/Wed-Dec-5/eu-18-Baz-When-Everyones-Dog-Is-Named-Fluffy.pdf
The more they change things, the more folks discover things are not so changed after all. LSA Secrets goes back to Windows 98 if not mistaken. Cool find by those mad hatters