[JumpCrisscross]

> The problem with this is that the "security" question will often be asked over the phone. At this point an answer of "Oh I just mash the keyboard for those" is probably going to get an attacker access to your account

I used to do this and then lost my password file. Fast forward to a call with AT&T. I told them I forgot my secret answers. They offered that it was "a super weird answer," which let me use the "mashed keyboard" line and got in. TL; DR I think this system is less safe than just making up cars, cities, et cetera.

[ncallaway]

Yea, I always use a handful of random words. That way, it's something pronouncable over the phone.

Still, I expect "oh, it's a random word not related to the question" would clear phone screen human layer of verification a good percentage of the time.

[thaumasiotes]

I can confirm that "I'm not going to be able to tell you the secret answer" was accepted by Blizzard when they locked my account and made me apply to have it unlocked.

I'm still bitter about that. I put garbage in the answer to the secret question because I planned not to forget my password. I didn't forget my password, but Blizzard nevertheless locked me out of my account, for the crime of using a payment card that was listed on my account, but wasn't listed as my "preferred" payment option.

[pishpash]

Yes, you should just make up a fake personal profile, and base your answers on that. True answers and human-bypassable answers are all bad, whereas fake answers open you up to a world full of entropy.

[ohazi]

correct horse battery staple?

[alphast0rm]

This is a reference to the XKCD comic, Password Strength [1].

[1] https://xkcd.com/936/

[isostatic]

And for those who think the reference is so well known it doesn't need citing: https://xkcd.com/1053/

[Chris2048]

Quite Frankly - bad math. You judge people based on how old they are..

[auxbuss]

A fun place for names:

http://www.fantasynamegenerators.com/