Creating the secret answer is just a matter of adding two new fields to your users table (one for the questionID and one for the answer), and a new table for the secrete questions.
the new Table would be:
secretquestions:
questionID - Primary Key
questionText - varchar
populate the secretquestions table with the questions that they should be al;lowed to choose from.
On the registration page, create a recorsdset to return the questions from the secretquestions table.
Add a select list to the registration form, set the select list to be dynamic, pull the values for the select list from the secretquestions recordset. set the Value to the questionID column and the label to the questionText column.
Add a new text box also for the user to type their answer.
in the insert record behavior, bind the questionID column of the user table to the select list, and the answer column to the answer text box.
Now on the New Password page, Create a recordset again to pull all the question from the secretquestions table. Create the select list again, make it dynamic, get the values from the secretquestions recordset, set the value to use the questionID column and the label to the questionText column.
add the answer text box as well.
create another recordset that filters the user table on the entered email address, the selected question and the answer.
Set the email password behavior trigger to only send if the lookup recordset is not empty. You can use the show region behavior to show an error message if the recordset is empty, you will need to modify the show region if statement so that it only shows the message if the recordset is empty and the form was submitted.