You should never give legit answers to these security questions. I just paste in the output of pwgen -s 32 1. This may make your account harder to "recover" but it also makes it harder to steal.
Yes, this is exactly what I do. I have interesting results sometimes;
Bank: I'll just need you to confirm your mother's maiden...um...um
Me: Yes, it's a long string of random characters, want me to read it?
Bank: No, that's ok, thanks.
like, put the first name in "Mother's maiden name", or the middle name, or swap their position
And you are right to treat it as a passsword