In reply to
by Sebastian GregerI treat all ‘security questions’, especially weak ones like ‘your mother’s maiden name’ (which in my case is also a few characters short of your Deutsche Bahn example’s limit) as password fields. So I provide unique answers per website asking for them, which are generated by my password generator, and store them in my password manager. It’s an act of information hygiene, imo.