You would not do this with a new password. Instead you would need to create a new access rule specific for the user.
When the user logs in their id should be held in a session variable. You can make a rule specific to a user that checks on the userid to ensure that the correct user is logged in. Any page that has the rule applied to it would restrict access to the one user.
To make it work like this you would need to lookup the user in the db to see their id, then craft a new rule that says if userID is equal to the id, then set the page up for that user and apply the rule to it. Post back if you have any questions or need any more specific info on this.