I don't know if it's a good practice or not, but I usually just pick a word to use for all security questions, that's totally unrelated to the question.
Ex. In what town did you first meet your best friend? "potato".
> Sometimes I use a straight up password generator for the answers. Hope I never have to give those out over the phone.
I filled the security answer for my Blizzard account with random ASCII garbage, which I didn't record, confident that I would always know my password.
That was true. But Blizzard disabled my account for purchasing time codes with a credit card other than the one that my account designated "preferred payment". (The card I was paying with was also listed under my account, but it wasn't "preferred". I have no idea what attack they think they're defending against.)
I had to call in. Phone-based customer service accepted "I don't think I can give you the answer to the security question" as a valid answer.
I've had to do it a few times, because I do that same thing. They usually respond with exasperation and say something like, "No, sir, we need your security answer, not your password." Then it's my turn to be exasperated and say, "No, check again, that's the answer." Very fun.
Don't do that unless you don't care about that account. Often the answer to a security question effectively acts as a password. You are not defending against someone guessing your answer, you are defending against someone using an automated dictionary attack. A common word like 'potato' scores quite high in the common password lists.
A safer option is to just generate a random password for those questions as well and store it in your password manager.
If you do that then it's super easy to social engineer the company in question. "I don't know what I put for mother's maiden name, I just mashed the keys a lot on that".
Sometimes I use a straight up password generator for the answers. Hope I never have to give those out over the phone.