Treat security questions as just another password prompt
One way to stop this line of attack is to treat security questions as just another password prompt. You can put any data into these fields, and it can be completely random. That way nobody can guess the answer from online info.
Of course, this is a bit of a problem when you're trying to remember one password by entering another. But you can use the same one or two passwords for all security questions. You will be no worse off than if the information can be obtained by anybody on the internet, and in most cases better off. Or you can store the info on USB keys, protected via Lastpass or similar online database which can be opened using a Yubico Yubikey, or even written down somewhere if that location is secure. Remember, this is a backup system for when you've forgotten a password, it doesn't have to be as convenient or easy as normal password entry.
