Seriously. This is not new, but Google at least now has a pretty infographic about it.

The short answer to secret questions is, a) never answer them “for real”, and b) don’t fake them with something plausible, either. Real answers (mother’s maiden name, first car, high-school mascot) are researchable or guessable, and plausible fakes are just as guessable and you will forget them. Instead, treat each question like a tertiary password field. Use either a mnemonic passphrase or, even better, a randomly generated, 16-character-plus strong passphrase. One practical caveat: many sites lowercase the answer, strip punctuation, or cap its length before comparing, so stick to letters and digits unless you have checked what the site accepts. Then write down the questions and answers somewhere safe, like a password vault, in case you need to dig them up again (you will).

It’s not perfect, but until sites stop using this crap, it’s better than nothing.