Re: It's 2018, And...
You don't have to give the real answer
Then your "I forgot my password" responses become another set of passwords, and you've defeated the mechanism that protects you from that failure mode.
And that may be fine. Maybe you never experience that failure mode; maybe you have your own protection mechanism (e.g. you write those false answers down somewhere). But it does demonstrate just how feeble the entire password-reset process is. Either it turns one failure mode (forgotten password) into a worse one (password subversion by an attacker); or it turns that former failure mode into another version of itself.