I used to do something like this. I avoid it now, and use a pass phrase of a few words as answers to these questions, stored as a password.

It was clear to me after I had to read such a security question answer over the phone to unlock an account the CSR was perfectly happy with "gibberish over the phone == gibberish in front of me", meaning my attempt to secure things made it less secure in the end.