by kibibyte 638 days ago
My solution to this attack is to generate random words (what 1Password calls a "memorable password") instead of something totally inscrutable. Most security question fields are long enough to accept 4 words (occasionally 5). I think it should be much harder to convince a customer support agent with "it's just 4 random words from the dictionary" vs "it's 32 random characters, do you really want me to go through it all?".

(I'm sure a determined enough attacker will eventually find an agent willing to accept the former excuse, but if it reaches that point, I think I've already lost this battle.)


I guess the better solution is to make the answers different for each site, and plausible (i.e. the childhood street is an actual street name somewhere), but false. Then save these in your password manager. Given there are typically a few questions in the mix, each answer not having a huge amount of entropy doesn't matter as much.