After I shared my previous post, a friend pointed out this post from earlier this month:
Security questions are a form of “Knowledge based authentication,” or KBA. That is, verifying identity based on a piece of information that “only” the person you’re trying to identify would know.
Why we retired the security question. (2020, July 2). Gandi News. https://news.gandi.net/en/2020/07/why-we-retired-the-security-question/
When you fill out “fun” quizzes you’re actually filling up the bucket on what they know about you.
Wherever possible I’ve started giving random answers to security questions. I store the question and answer in 1Password so I can look it up later. 1Password has a password generator that makes passwords that look like yeJvPGstRdt6hhUau (but longer) which I use for most websites, and a password generator that makes passwords that look like seacoast-shingle-monger-exhibit-harden for passwords I might have to remember or type in. Two words should be good enough for a security answer.