by baby
3693 days ago
As he said, first you should encourage your users to authenticate one another by out-of-band means. Then display who you truly authenticated. This can be gamified to encourage users to do it. Now, to authenticate a user out of band you can just have a shared secret that both users need to enter. You can share that secret via another channel in the hope that it is not man-in-the-middled (or at least not by the same attacker). But then it is close to trust-on-first-use (TOFU) security: often "good enough", sometimes not (SMS). Now if you're looking for cool ways to force the user to do it IRL, there are things like Bluetooth and NFC that would help. There are also easier ways to do that, as ashitlerferad says, that we use for larger problems like mail and www: web of trust (WOT) and public key infrastructure (PKI).
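The comment above sketches two mechanisms: pin the first key you see (TOFU) and let users confirm a shared value out of band, then show who has actually been verified. The following added example (not from the comment's author or any particular messenger) models both with a small Python trust store. The key bytes, the "safety code" construction (SHA-256 over both identity keys, sorted so either side computes the same digits) and the user names are constructed for illustration; a real client would derive the code from its actual long-term identity keys.

```python
import hashlib
import hmac
from typing import Dict, Optional, Tuple

# Constructed sample identity keys. In a real messenger these would be the
# users' long-term public keys; here they are fixed bytes standing in for them.
ALICE_KEY = bytes.fromhex("a1" * 32)
BOB_KEY = bytes.fromhex("b0" * 32)
MALLORY_KEY = bytes.fromhex("ee" * 32)  # key an interceptor would substitute


def safety_code(key_a: bytes, key_b: bytes, digits: int = 12) -> str:
    """Short symmetric code derived from both identity keys.

    Sorting the keys first means both users compute the same digits, so the
    code can be read aloud over a call or compared in person (the out-of-band
    channel the comment describes).
    """
    material = b"".join(sorted([key_a, key_b]))
    digest = hashlib.sha256(b"safety-code-v1" + material).digest()
    number = int.from_bytes(digest[:8], "big")
    return str(number % (10 ** digits)).zfill(digits)


class TrustStore:
    """Per-contact record of the pinned key (TOFU) and verification status."""

    def __init__(self, own_key: bytes):
        self.own_key = own_key
        self.pinned: Dict[str, bytes] = {}
        self.verified: Dict[str, bool] = {}

    def observe(self, user: str, key: bytes) -> str:
        """Trust on first use: pin the first key seen, flag any later change."""
        if user not in self.pinned:
            self.pinned[user] = key
            self.verified[user] = False
            return "pinned"
        if hmac.compare_digest(self.pinned[user], key):
            return "match"
        # A key that changes after pinning is what an interposed attacker (or a
        # reinstall) looks like: drop verified status and surface it to the user.
        self.verified[user] = False
        return "key-changed"

    def expected_code(self, user: str) -> Optional[str]:
        key = self.pinned.get(user)
        return None if key is None else safety_code(self.own_key, key)

    def verify_out_of_band(self, user: str, code_from_peer: str) -> bool:
        """Mark the contact verified only if the code exchanged out of band matches."""
        expected = self.expected_code(user)
        ok = expected is not None and hmac.compare_digest(expected, code_from_peer.strip())
        self.verified[user] = ok
        return ok

    def status(self, user: str) -> str:
        """What the UI should display next to the contact."""
        if user not in self.pinned:
            return "unknown"
        return "verified" if self.verified[user] else "unverified (TOFU)"


def honest_exchange() -> Tuple[bool, str]:
    """Both sides hold each other's real keys, so the codes agree."""
    alice, bob = TrustStore(ALICE_KEY), TrustStore(BOB_KEY)
    alice.observe("bob", BOB_KEY)
    bob.observe("alice", ALICE_KEY)
    # Alice reads her code to Bob over a phone call; Bob types it in.
    ok = bob.verify_out_of_band("alice", alice.expected_code("bob"))
    return ok, bob.status("alice")


def mitm_exchange() -> Tuple[bool, str]:
    """An interceptor substituted her key on both sides, so the codes differ."""
    alice, bob = TrustStore(ALICE_KEY), TrustStore(BOB_KEY)
    alice.observe("bob", MALLORY_KEY)   # Alice actually pinned Mallory's key
    bob.observe("alice", MALLORY_KEY)   # and so did Bob
    ok = bob.verify_out_of_band("alice", alice.expected_code("bob"))
    return ok, bob.status("alice")


def key_change_alert() -> Tuple[str, str]:
    """A previously verified contact shows up with a new key: back to unverified."""
    bob = TrustStore(BOB_KEY)
    bob.observe("alice", ALICE_KEY)
    bob.verify_out_of_band("alice", safety_code(ALICE_KEY, BOB_KEY))
    result = bob.observe("alice", MALLORY_KEY)
    return result, bob.status("alice")


if __name__ == "__main__":
    print("honest:", honest_exchange())        # (True, 'verified')
    print("mitm:", mitm_exchange())            # (False, 'unverified (TOFU)')
    print("key change:", key_change_alert())   # ('key-changed', 'unverified (TOFU)')
```

The design choice worth noting is that the code is computed from the keys each side has *pinned*, not from anything sent during the comparison, so an attacker who relays the conversation cannot make the two codes agree without also controlling the out-of-band channel, which is the "not by the same attacker" assumption in the comment.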