by rantallion 1429 days ago
The best suggestion I've seen for handling security questions is to use the same stupid response for all of them. Mum's maiden name? 'waffles'. City of birth? 'waffles'. Brand of your first car? 'waffles'. No one's going to glean that from the internet, and it's going to be difficult for you to forget once you've formed the habit.
2 comments

This is poor advice.

A lot of the time these can be used to reset your password, so you've compromised the security of your (hopefully much more intelligently) chosen password. In addition, if a breach ever leaks or a phishing attempt ever intercepts your security question answers, you expose all your accounts to takeover.

My secret questions have nonsensical answers but are all unique per app/website, and are recorded.

Makes social engineering nearly impossible.

Just don't put random characters as the answer.
True. That makes it very hard when you have to recite it back to a customer service person. Best just to use arbitrary, real words and then store the questions and answers in your password manager.
Once I was on the phone with Blizzard support, and they asked me to verify the answer to one of my security questions. I said “oh, it’s probably just a bunch of random letters” and she said “uh, yeah, it is actually” and let me into my account. So be aware of that as an attack vector too
This is what I was hinting at but not as coherently
Yep, they're all similar to correct horse battery staple or "toilets excite pregnant cabbages".
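The approach the later comments converge on (arbitrary real words, a different answer for every site, everything recorded in a password manager) can be automated. The following is an added example written for this discussion, not code posted by any commenter. It draws words with the OS CSPRNG via Python's `secrets` module, refuses to reuse an answer across sites, and includes a phone-readback comparison that ignores case and spacing. The 32-word list embedded here is constructed for the example and deliberately tiny; a real tool would load a large list such as the EFF diceware list, which is an assumption and not something the thread prescribes.

```python
import json
import math
import secrets

# Constructed 32-word list for this example only (assumption, not from the thread).
# With 32 words, each word contributes 5 bits; a 7776-word diceware list gives ~12.9.
WORDLIST = [
    "apple", "bridge", "cactus", "dolphin", "engine", "feather", "garden", "helmet",
    "island", "jacket", "kettle", "lantern", "meadow", "needle", "orbit", "pepper",
    "quartz", "ribbon", "saddle", "turnip", "umbrella", "velvet", "walnut", "yogurt",
    "zipper", "anchor", "button", "candle", "donkey", "falcon", "guitar", "hammer",
]


def generate_answer(n_words=4, wordlist=WORDLIST):
    """Return n_words random dictionary words joined by single spaces.

    secrets.choice draws from the OS CSPRNG, so the answer is unguessable from
    public information, yet it is made of real words that can be read aloud
    to a support agent (unlike a string of random characters).
    """
    if n_words < 1:
        raise ValueError("need at least one word")
    return " ".join(secrets.choice(wordlist) for _ in range(n_words))


def answer_entropy_bits(n_words, wordlist=WORDLIST):
    """Entropy in bits of a uniformly drawn n-word answer from this wordlist."""
    return n_words * math.log2(len(wordlist))


def record_answer(store, site, question, n_words=4, wordlist=WORDLIST):
    """Generate and store an answer for (site, question).

    An answer already recorded for any site is never reused, so a breach or
    phish of one site's answers does not unlock the others.
    """
    used = {ans for questions in store.values() for ans in questions.values()}
    while True:
        answer = generate_answer(n_words, wordlist)
        if answer not in used:
            break
    store.setdefault(site, {})[question] = answer
    return answer


def reused_answers(store):
    """Return {answer: set(sites)} for answers shared by more than one site.

    An empty dict means the per-site uniqueness rule holds.
    """
    seen = {}
    for site, questions in store.items():
        for answer in questions.values():
            seen.setdefault(answer, set()).add(site)
    return {ans: sites for ans, sites in seen.items() if len(sites) > 1}


def matches_spoken(stored, spoken):
    """Compare an answer read back over the phone, ignoring case and extra spaces."""
    def norm(s):
        return " ".join(s.lower().split())
    return norm(stored) == norm(spoken)


def export_for_password_manager(store):
    """Serialize the store as JSON to paste into the notes field of a manager entry."""
    return json.dumps(store, indent=2, sort_keys=True)


if __name__ == "__main__":
    store = {}
    for site in ("bank.example", "game.example"):  # constructed site names
        for question in ("Mother's maiden name", "City of birth"):
            record_answer(store, site, question)
    print(export_for_password_manager(store))
    print("reused across sites:", reused_answers(store))
```

Four words from the toy list give only 20 bits, which is why the lead-in assumes a much larger list in practice; the generator, uniqueness check and readback comparison are unchanged by the list size.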