by imtringued 2205 days ago
> But you should never give the correct answer for password recovery.

Exactly. You're supposed to use your password manager to generate a second password and use that as your answer. I know this sounds stupid but it is the only way to stay safe.

2 comments

The only problem with this is if you have to read it to someone live. Otherwise, yes!
I've heard stories of call centers accepting "oh, I don't remember, I just typed a bunch of random letters and numbers" as confirmation over the phone.
Very good idea!