by nesadi 2501 days ago
So what's your solution? You have to put in something, and putting in the real maiden name seems like the worse option to me. Social engineering is going to be the weakest point no matter what you do, so I don't see how anything you do could defend against it and why you should account for it if there isn't anything you can do.
4 comments

I use nonsense terms which are easily readable. Mother's maiden name: Lady of Amberly, first maid of countess Blue, inheritor of the golden bull.
Putting an actual name in there is probably a lot safer than anything that might be described by a human as "just some gibberish". Pick an uncommon name, maybe from another country, maybe spell it in a different way, as long as it's still recognizable as a plausible name. Most operators wouldn't fall for it if the attacker says "just some random characters". The important part is to not reuse the name between registrations.

Combine this with similar unique answers to other questions and the chances of someone guessing them all become really small.

One thing I never tried is to just put something like Anyone_trying_to_reset_this_password_is_a_hacker_DQWIqw12E^1&UTFD@&$. Might be an inconvenience if you actually need to reset yourself.

How about "Make_sure_the_person_says_this_exactly_AB2hyiL3BTlJptJQh5KnINqSfxfY2J3Mj"
If you use any kind of name you run the risk of it being guessed. Use a passphrase generator to get something completely random and easy to say over the phone.
There are thousands if not millions of possible names you could use. As long as you don't use something very common, you should be okay.
I like the historical characters reference.

Personally I include many literary/media characters. Even my name on this site.

go on...
Antonius Block is the knight who plays chess with death in the Seventh Seal.
Seems like a randomly selected fake name and fake address would work.
I always use valid but fictitious names. For example my mother's maiden name could be Roberts or my first car could be Chevy. Of course I use different and more obscure answers on different websites and save them all in a password manager.
> So what's your solution? You have to put in something, and putting in the real maiden name seems like the worse option to me.

Instead of a gibberish generator (à la password managers' defaultly-generated passwords), use a _word generator_. Something like "correct horse battery staple" except, you know, not the popular words.

Then, of course, make sure to include those secrets in your password manager.
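An added example, not written by anyone in this thread, of the word-generator approach suggested above: it draws words with a CSPRNG, sizes each answer to a target entropy, and refuses to reuse an answer across registrations. The word list, function names and the 60-bit target are assumptions made for illustration; a real list would have several thousand words.

```python
import math
import secrets

# Constructed 32-word sample list (assumption). With a list of several
# thousand words, far fewer words are needed for the same entropy.
WORDS = (
    "amber", "bison", "cedar", "delta", "ember", "fjord", "grape", "heron",
    "ivory", "jolly", "kiosk", "lemon", "maple", "noble", "olive", "pearl",
    "quilt", "raven", "sable", "tulip", "umbra", "velvet", "walnut", "xenon",
    "yacht", "zebra", "acorn", "birch", "coral", "dune", "eagle", "frost",
)


def entropy_bits(n_words, list_size=len(WORDS)):
    """Entropy of n_words drawn uniformly and independently from the list."""
    return n_words * math.log2(list_size)


def words_needed(target_bits, list_size=len(WORDS)):
    """Smallest word count whose entropy reaches target_bits."""
    return math.ceil(target_bits / math.log2(list_size))


def make_answer(n_words):
    """One speakable answer; secrets.choice uses the OS CSPRNG."""
    return " ".join(secrets.choice(WORDS) for _ in range(n_words))


def build_vault(questions, target_bits=60):
    """Map each (site, question) pair to its own answer, never reused."""
    n = words_needed(target_bits)
    vault, used = {}, set()
    for key in questions:
        answer = make_answer(n)
        while answer in used:  # regenerate on the (unlikely) collision
            answer = make_answer(n)
        used.add(answer)
        vault[key] = answer
    return vault


if __name__ == "__main__":
    sample = [("site-a.example", "Mother's maiden name"),
              ("site-b.example", "Mother's maiden name"),
              ("site-b.example", "First car")]
    for (site, question), answer in build_vault(sample).items():
        print(f"{site} | {question} | {answer}")
```

The output is what goes into the password manager entry for each site, alongside the password.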