by glvn 2622 days ago
Just don't answer those questions "truthfully". What I mean is I use 1password to store my credentials. So whenever a site asks me to provide 3 security questions and answers I will usually select 3 random questions (especially ones that don't apply to me like "where did you meet your wife", well I'm not married), then provide an answer like "dog bow rainbow toss three". Even if one place is breached and hackers find my "mother's maiden name", it's about as useful as a one-time access token.
2 comments

You should consider using a real-looking answer.

Someone doing social engineering may answer "It was a bunch of random characters/words, I'm sorry I don't have it in front of me" and have that accepted. If they don't accept it, hang up and try again with another rep until someone does.

Picking a random real place off Wikipedia (different for each website, and store that in 1password) avoids this.

Would this work with a real Wikipedia word? Oops, I can't remember, call back.

It's a question of effort, really. The bad guys get infinite tries; support only needs one person to fuck up once.

My hope would be their training largely prevents "oops I can't remember" getting through, but I suspect you'd eventually get someone quitting tomorrow who doesn't care, or someone having an off day.

I always try to use a real-looking answer. This site makes it easy to pick:

https://www.randomlists.com/