
I always, always store my bogus answers in 1Password. One of many reasons I love the tool.

Most security questions are either trivial for someone else to figure out with a little research or I don't know what my real answer would be. Name of my first pet? Well, I had several that could meet that definition, and I definitely don't remember the name of the first one.




It's actually dangerous.

Consider what would happen if you're accidentally exposed to malware that steals data from password managers (by introspecting process memory after the data has already been decrypted).

Better keep those eggs in different baskets. (Update: my point was, I think 1Password doesn't have multiple databases, does it?)


I would expect greater risk if I spread that information around more. Is it really better if only 1/3rd of my passwords are stolen, at least relative to the 3x risk I face by using multiple sources?


I'm not sure I get the idea.

My idea is to have two password databases. One is the usual, for the passwords. Another is infrequently opened and is used for the recovery codes and insecurity questions.

I don't see how a secondary, normally-closed password vault would degrade security. It's still encrypted, and safe. On the contrary, it should increase security a little, for the above-mentioned local malware scenario. The price paid is that because the database is rarely used, it could get corrupted without the user noticing, or the access details could be forgotten.

Or am I missing something important? Why the 3x risk?


Sorry, I elided some of the scenario details.

1/3rd / 3x was based on the idea of splitting my passwords across 3 databases. Let's take your idea instead.

My concern was that if there is a risk of compromise, by using two different software solutions you've doubled the odds that a vulnerability will expose your data. (I once consulted for a company that had two data centers for high availability, but they had split their production services across the data centers, effectively doubling the odds of an outage instead of reducing their exposure.)

If instead you use the same software and two different data stores, I can see a benefit in having a store that you rarely open, but I'm not sure it outweighs the extra work, at least for me. If someone grabs my password store, having the security questions and answers protected would only help for a few accounts (admittedly, my bank being an important one) and the protection would only last as long as it took an attacker to social engineer their way past it.

I admit, now that you've raised the issue I'm going to at least think about moving my bank q&a info, but I doubt I'll go to the trouble; I suspect I'd either end up forgetting how to get to the credentials or leaving them somewhere someone could get at them.

