@neal @Taweret Also a good thing to keep them something you could easily recite over the phone. They don’t need to be honest answers to the questions, but many of the companies asking these things still treat them as “phone passwords” if you need to call them for any reason.

I use the classic “Diceware” word list and roll a nonsense “phrase” (then save to a password manager).