I suggest using diceware or similar random words, not random strings. Humans are typically processing these, not machines. "What's your mother's maiden name" can be answered by "Oh, I just put a bunch of random letters" if someone knows your stance on security questions.

KeepassXC at least includes passphrase generation using the EFF diceware list. I use that for "security" questions.

Yes! It should be much harder to convince a CSR who can see your plaintext answers that you're legit and don't know you were born in "Peoria" vs "eH2ochomheeVe6ti".

I admit I've only had to fall back to the "security questions" a few times, but I haven't had any issues with the random strings.

The point isn’t that you will have an issue using a random string, it’s that attackers who know you do so will be able to convince a customer service rep they are you by answering the question “I just put in some random keystrokes”

Well that would require fairly detailed knowledge about me, but point taken. Not sure how random words are much better though, if the person on the other side is ready to accept whatever.