It's more a failure of services/companies that require silly things like pet, school or maiden names as shared secrets. By now, everyone should get a PGP key at birth.
I agree. I never answer the security questions with a truthful answer, because things like "first company you worked for" are too easy to look up. I treat security questions almost the same as passwords. I generate random answers per question and store them in 1Password, just like my passwords.
A side-benefit of this is that if someone calls me and asks me to answer a security question, I won't know it. I'll be forced to call them back after I've opened 1Password and pulled up the record with the security questions.
