After installing the add-on, a new "Secret Questions" page gets added to "Users and Groups" in the dashboard, next to "Login & Registration".
The Secret Questions page lets an administrator add, change and remove questions. It also allows blocked users to regain access to the reset option and certain groups can be forbidden from using the tool.
Any question can be edited by clicking on it, and any number of questions can be added. When a question is edited or deleted, it does not effect user experience. Their question is stored as a secret question / answer pair attribute unique to their profile. Unchecking "enabled" leaves the question in the dashboard, but will not be shown to end users.
The add-on has some options available:
The password questions add-on includes a single page, Password Questions, that users can access if they have forgotten their password. When they visit Password Questions, they will be prompted to provide either their username or their email address if authenticating via email address. Then the user is prompted with the number of questions required to reset their password.
If they are locked from using the password reset, they will recieve a message why. The super admin ('admin') will always be blocked from resetting passwords this way.
If a user has more questions on file than they are asked, the questions will be selected randomly. Entering a blank answer or not being able to read the captcha does not count towards their "wrong answer" score.
When someone creates a new user, they will be asked to pick and answer questions. These question / answer pairs are actually stored as an attribute for every user. With the default install, each user has two of these attributes.
If more questions are required, create a new "Secret Question" attribute from the User Attributes page of the dashboard. The attribute needs to be Editable and Required in the profile and on registration.