Hacker News comment by ceejayoz, 2627 days ago
You should consider using a real-looking answer.

Someone doing social engineering may answer "It was a bunch of random characters/words, I'm sorry I don't have it in front of me" and have that accepted. If they don't accept it, hang up and try again with another rep until someone does.

Picking a random real place off Wikipedia (different for each website, and store that in 1password) avoids this.

1 comment

Would this work with a real Wikipedia word? "Oops, I can't remember, call back."

It's a question of effort, really. The bad guys get infinite tries; support only needs one person to fuck up once.

My hope would be their training largely prevents "oops I can't remember" getting through, but I suspect you'd eventually get someone quitting tomorrow who doesn't care, or someone having an off day.