I see an incredible weakpoint: Your email account becomes your only defense, meaning the password on it must be strong and you still need to remember it. And you need 2FA.
Not that this is not the case already, email accounts are already important.
Password managers are already a barrier. Forgotten Password flow via email is an embarrassingly shitty UX and similarly shitty security protocol.
I wouldn't try to encourage the broken "Forgotten Password" protocol... it's usually the softest target of authenticating on the web.
While I first wrote an article about the absurdities of information security [in 2011][1], this specific extension is an idea I've had since [June 2015][2] - due to the absurd nature of the idea, I wanted to launch it on April Fools' Day, but that ended up causing it to be [dismissed as a joke out of hand altogether][3], so I figured I'd wait a day before posting it to Hacker News.
While the premise of the extension sounds like a joke, it's legitimately a good idea, and [one others have had independent of this][4]. I explain some of the thoughts and motivations behind NilPass's design here: https://nilpass.com/seriously/
[1]: http://www.cracked.com/article_18962_5-things-we-all-do-that...
[2]: https://github.com/nilpass/nilpass-branding/commit/6090b5cc9...
[3]: https://www.reddit.com/r/netsec/comments/62sgrp/presenting_n...
[4]: https://rempel.world/passwordless-method.html