
What's especially terrible about this is that secret questions only weaken the security of your account, so someone doing the right thing will have provided a random answer unrelated to their life.

Years ago, I went through this process with Blizzard:

1. Blizzard started deactivating my World of Warcraft account on the grounds that I hadn't paid my subscription.

2. I would log in and pay for a subscription, reenabling the account.

3. (Steps 1-2 repeated several times. Blizzard never provided any explanation beyond the fact that, in their opinion, my payment was invalid, which it wasn't.)

4. After several rounds, Blizzard disabled the account completely, requiring me to contact customer support.

5. Customer support, for the first time, informed me that the reason my payment was viewed as invalid was that the preferred payment card on my account was set to a different card. The card I was actually using was also listed on my account, but it wasn't the preferred card, which made it invalid.

6. Since my account was disabled, I didn't have the option of paying with my preferred card. I had to answer my secret question.

7. Since I am not stupid, my secret question didn't have an answer. It was a long string of random characters which I didn't know. But customer service happily accepted my oral answer of "it's gibberish", defeating the purpose of the secret question.

So I guess the lesson here is that the correct way to answer a secret question is that you need to provide an answer which...

(1) Looks like a real answer when customer service looks at it, so that they have a better chance of rejecting someone who doesn't know the answer; but also

(2) Doesn't belong to the class of answers that would be easy for someone to guess, such as a car model when they ask you for the model of your first car.

These requirements are incompatible with each other. I don't know what secret questions are supposed to be doing. And I have to note that my assumption that there was no reason for anyone, including myself, to know the answer to my secret question would have been completely correct if Blizzard hadn't made the decision that using a payment card that was already registered to my Blizzard account was a sign of fraud.



You've probably just solved a mystery with my Minecraft account. A good while ago it got "hacked" while having a strong password (random and unique), plus all security answers were filled with gibberish, which I diligently kept backed up somewhere. At that time I also hadn't logged in for over 2 or more years. Eventually I got it back through a proof of purchase process, but I couldn't ever figure out why it was taken over. Since no other account got compromised, I could reasonably assume my computer wasn't either.

So I guess in the end their recovery process was susceptible to some good old-fashioned social engineering.


I generate five random words and store them in the comment field of my password manager. It ensures they are at least pronounceable when asked over the phone.


Have you tried providing five different random words and seeing whether the person on the other end will take them?


The chance to do so hasn't occurred yet. Might be interesting to try, but it doesn't happen often enough and my priorities tend to be different when it does.

I thought up this schema after the last and only time I needed to use a secret question over the phone, when I read 32 ASCII characters to an Apple employee (which didn't work, but then they enabled a skip button for me to use).
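As an added illustration (not code from any commenter in this thread), the snippet below generates a five-word answer with a CSPRNG and compares the guessing entropy of the strategies mentioned above: a "real" answer drawn from a small guessable class, five random words, and 32 random printable ASCII characters. The tiny wordlist and the size of the guessable class are constructed assumptions; a real Diceware list has 7776 entries.

```python
import math
import secrets
import string

# Constructed stand-in for a real wordlist; load a full Diceware-style list in practice.
SAMPLE_WORDS = ["apple", "basket", "candle", "dragon", "ember", "falcon",
                "garden", "harbor", "island", "jacket", "kettle", "lantern"]

DICEWARE_SIZE = 7776      # entries in the standard Diceware list
PRINTABLE_ASCII = 94      # printable ASCII characters, space excluded
GUESSABLE_CLASS = 500     # assumed size of a class like "models of first cars"


def entropy_bits(alphabet_size: int, length: int) -> float:
    """Bits of entropy in `length` independent uniform picks from `alphabet_size` symbols."""
    return length * math.log2(alphabet_size)


def random_words_answer(wordlist, n=5):
    """Pick n words uniformly at random (with replacement) using the OS CSPRNG.

    The result is pronounceable, so it can be read out over the phone.
    """
    return " ".join(secrets.choice(wordlist) for _ in range(n))


def random_ascii_answer(length=32):
    """Random printable ASCII string, like the 32 characters read out to Apple above."""
    alphabet = string.ascii_letters + string.digits + string.punctuation
    return "".join(secrets.choice(alphabet) for _ in range(length))


def compare_strategies():
    """Guessing entropy (bits) of each answer strategy, for comparison."""
    return {
        "real answer from a guessable class": entropy_bits(GUESSABLE_CLASS, 1),
        "5 diceware words": entropy_bits(DICEWARE_SIZE, 5),
        "32 printable ASCII characters": entropy_bits(PRINTABLE_ASCII, 32),
    }


if __name__ == "__main__":
    print("example answer:", random_words_answer(SAMPLE_WORDS))
    for name, bits in compare_strategies().items():
        print(f"{name}: {bits:.1f} bits")
```

Five words from a full Diceware list give about 65 bits, far above anything a human can guess from knowing you, while staying speakable; the 32-character string gives about 210 bits but is nearly impossible to relay verbally.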



