[bcraven]

Remember that your answer to that need not necessarily be accurate. You can invent a 'security city' perhaps and always give that... or just give a randomly generated password that you store alongside in your password locker.

[OJFord]

And if you use a long pseudo-randomly generating string, you will amuse support (and annoy yourself) when you have to read it all out...

(Switched to correct-horse-battery-staple style for those after that.)

[InitialLastName]

Support Operator: We need to answer some security questions. To start with, what was your mother's maiden name?

Scammer: "Oh, I just entered a long stream of random digits, but I can't find where I wrote it down"

Operator: "Good enough. How large a credit line did you say you wanted?"

[OJFord]

What happened in my case (password reset for the online account for a credit card) was rather:

Operator: ...

(Real) me: Err.. all of it? [hoping p,q,r-th characters will be enough]

Operator: Yes please.

[staticassertion]

FWIW, having gone through support with Vanguard, they didn't even acknowledge that they were random strings when I said they would be. They seemed well trained, at least the one I spoke with.

[staticassertion]

I use a random string and store it in a password manager per-site.