by kyleknighted 3553 days ago
I use 1Password and randomly generate answers for each question and log them in the "Notes" of the account.

I'm sure other tools like KeePass have similar sections to do the same thing.

That way the answers aren't reproducible and you have them safely stored somewhere.


As an added bonus, this means someone armed with the real answers to those questions won't be able to get access.

When Sarah Palin's "personal" email was hacked during the 2008 election, the attacker used her Wikipedia page and recovery questions.[0]

[0]: http://nypost.com/2008/09/19/dem-pols-son-was-hacker/

'hacking'
"to circumvent security and break into (a network, computer, file, etc.), usually with malicious intent"

Just because they didn't impress you by finding a side channel timing attack for the password hashing algorithm used by Yahoo, doesn't make it any less of a hack.

Why spend millions investing in a network of computers to break encryption, when the key can be gained far more easily with a $20 tire wrench applied with sufficient force to the DBA's knee caps?

I do this, but it poses a problem for, as an example, banking, when they ask you the answer to your security question over the phone and you don't have access to your computer/password manager. Let's say you're one of those weird people without a laptop and your account is frozen while travelling overseas.

Having a cat named 1FD362BW9L6MBOWRD23SEF43 becomes a huge problem...

That's why I like 1Password. It's on my phone, so it's accessible, and I can do "words" instead of "characters".

So, I could very well have my mother's maiden name be "panda porpoise flutist sandpile", but I understand what you're saying. It may not be for everyone, but I work in the security sector and usually over-paranoid is better than ill-prepared.
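The two styles of random answer discussed in the top post and in this comment (a character string like "1FD362BW9L6MBOWRD23SEF43" versus a phrase like "panda porpoise flutist sandpile"), as an added example that is not from any commenter or from 1Password; the short word list is constructed here for illustration, and the function names are assumptions:

```python
import math
import secrets

# Constructed sample word list for this example only. A real generator
# would use a full diceware-style list of several thousand words.
WORDLIST = [
    "panda", "porpoise", "flutist", "sandpile", "anvil", "beacon", "cobalt",
    "dune", "ember", "fjord", "gravel", "harbor", "ingot", "juniper", "kettle",
    "lantern", "marble", "nectar", "orchid", "pebble", "quartz", "ripple",
    "saddle", "timber", "umber", "velvet", "walnut", "yarrow", "zephyr",
]
CHARSET = "ABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789"


def char_answer(length: int = 24) -> str:
    """Answer in the style of '1FD362BW9L6MBOWRD23SEF43': strong, but awkward
    to read to a phone rep. secrets.choice is a CSPRNG, unlike random.choice."""
    return "".join(secrets.choice(CHARSET) for _ in range(length))


def word_answer(words: int = 4, wordlist=WORDLIST) -> str:
    """Answer in the style of 'panda porpoise flutist sandpile': easy to say
    aloud, and unrelated to any fact an attacker could look up about you."""
    return " ".join(secrets.choice(wordlist) for _ in range(words))


def entropy_bits(symbols: int, alphabet_size: int) -> float:
    """Entropy of `symbols` independent uniform draws from an alphabet."""
    return symbols * math.log2(alphabet_size)


def words_needed(target_bits: float, wordlist_size: int) -> int:
    """Smallest word count from a list of the given size that reaches target_bits."""
    return math.ceil(target_bits / math.log2(wordlist_size))


if __name__ == "__main__":
    chars = char_answer()
    words = word_answer()
    char_bits = entropy_bits(len(chars), len(CHARSET))
    print(f"{chars}  ({char_bits:.1f} bits)")
    print(f"{words}  ({entropy_bits(4, len(WORDLIST)):.1f} bits)")
    # How many words match the 24-character answer, for this list and a 7776-word list:
    print("words to match:", words_needed(char_bits, len(WORDLIST)), "from this list,",
          words_needed(char_bits, 7776), "from a 7776-word list")
```

The trade-off the comment describes is visible in the numbers: a handful of words from a large list matches the character string's strength while staying readable over the phone, whereas a tiny list needs many more words.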

Yes, this is the right way to go. Unfortunately it is limited to the tech savvy. Also, I know somebody who needed to contact a company by phone, and he needed to tell the rep his security answer. He had to read off his 20 random characters. Pretty lol.