Security questions can be used to reset your password. They are backup passwords. They should be treated as such: randomly generated and stored in a password manager. Different for each account. Any decent password manager will have a "notes" field or other way to store such data encrypted in the vault. Since they're almost certainly stored in plaintext on the backend, they should have at least 128 bits of entropy. 20 random printable US keyboard characters, 10 diceware words, etc.<p>Question: What colour was your first car?<p>Answer: SterilityExcitableFifthAbideEnrageGaffeHazilyRecoupSacrificeIllusive<p>Question: What was the first street you lived on?<p>Answer: G]6a)ERXnVd}`<(p'tY}<p>Etc.